EUVD-2025-150356

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...

SUSE CVE-2025-13016

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

SUSE CVE-2025-13024

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

Vega 跨站脚本漏洞

Vega is a Javscript-based software from the Vega team that can be used to create interactive visual displays. The software can describe data visualizations using JSON format and generate interactive views using HTML5 Canvas or SVG. A cross-site scripting vulnerability exists in Vega versions prio...

RHEL 9 : firefox (RHSA-2025:21280)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21280 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2025-64718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...

xCally Omnichannel 跨站脚本漏洞

xCally Omnichannel is an integrated communication platform from the Italian company xCally. A cross-site scripting vulnerability exists in xCally Omnichannel version v3.30.1, which stems from reflective cross-site scripting and could lead to an attacker executing malicious JavaScript code...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...

Malicious code in odasv-knu-bobacuvolavafin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4d5b1ebe95593e9683cc2e31bb0158747f738f5b7787695f8dc8047d8cbaabc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-136510

Malicious code in indea-fodio-agajonaifau npm...

EUVD-2025-138088

Malicious code in avarage-olios-noilagagi npm...

EUVD-2025-137939

Malicious code in flights-lutuig-adio npm...

EUVD-2025-136267

Malicious code in itale-adci-gnuygujkujri npm...

EUVD-2025-136836

Malicious code in imugay-avig-ij npm...

EUVD-2025-137830

Malicious code in flights-tuiga-alumabivza npm...

EUVD-2025-132793

Malicious code in @akunsansan0/karedok33 npm...

EUVD-2025-132315

Malicious code in roti41 npm...

EUVD-2025-50820

changedetection.io: Stored XSS in Watch update via API...

EUVD-2025-134558

Malicious code in kisut-afncg-akifiacufub npm...

EUVD-2025-134352

Malicious code in kiudt-acog-efiuivcafav npm...