CVE-2025-11538 Keycloak-server: debug default bind address

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

EUVD-2025-176328

Malicious code in small-interpret-java-reject-data npm...

EUVD-2025-177749

Malicious code in mu-mu-psi-zero-java npm...

EUVD-2025-178290

Malicious code in java-short-string-java-yaml npm...

EUVD-2025-176539

Malicious code in sandbox-export-integer-alpha-java npm...

EUVD-2025-178288

Malicious code in java-socket-cluster-decode-catch npm...

EUVD-2025-178287

Malicious code in java-theta-theta-zero-static npm...

EUVD-2025-178289

Malicious code in java-simple-void-fork-sudo npm...

EUVD-2025-176799

Malicious code in rain-interface-java-bundle-wind npm...

EUVD-2025-177463

Malicious code in omicron-module-export-java-bundle npm...

EUVD-2025-178428

Malicious code in index-short-java-phi-virtualize npm...

EUVD-2025-176304

Malicious code in socket-mock-java-rho-spy npm...

EUVD-2025-175636

Malicious code in water-catch-cloud-upsilon-java npm...

Malicious code in socket-mock-java-rho-spy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c73783490d318eb38b0f589f800124ffffafbe09192fd2fb01fc5ce1f82b4195 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178377

Malicious code in integer-slow-java-object-string npm...

EUVD-2025-177471

Malicious code in omega-big-zero-export-java npm...

EUVD-2025-180270

Malicious code in async-eta-try-balance-java npm...

Malicious code in omega-big-zero-export-java (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6452494d4a91b262c8f8c973f098395e47d3fd525719d07e2c95a4915fae749b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in omicron-module-export-java-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8baa5da2116892ab1c8ca6241a6768c919d67b33a8bef9202824403296618e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...