Malicious code in jquery.validate.additional-methods-br (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38146e8961491ebc882527395be69e281eeb62c0a44bba6abe87a8c037614c59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-24989

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...

Hard drives containing sensitive medical data found in flea market

Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had...

CVE-2024-12651

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...

CVE-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix grou...

Firefox + custom elements + iframes bug

Over at Shopify we've been building a bunch of web components to use internally and in third party contexts. All of a sudden, we found some strange errors in our logs, all from Firefox. This is the post I wish existed when we discovered it. Update: This is now fixed, and should land in Firefox 15...

CLSA-2025-1739387678 tomcat: Fix of CVE-2023-42795

CVE-2023-42795: improve handling of failures during recycle methods...

Moderate: Red Hat Security Advisory: doxygen security update

An update for doxygen is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

Description of the security update for SharePoint Server Subscription Edition: February 11, 2025 (KB5002681)

Description of the security update for SharePoint Server Subscription Edition: February 11, 2025 KB5002681 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...

Description of the security update for Office 2016: February 11, 2025 (KB5002686)

Description of the security update for Office 2016: February 11, 2025 KB5002686 Summary This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-21392. Note: To apply th...

Description of the security update for Excel 2016: February 11, 2025 (KB5002687)

Description of the security update for Excel 2016: February 11, 2025 KB5002687 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...

RHEL 8 : doxygen (RHSA-2025:1314)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1314 advisory. Doxygen can generate an online class browser in HTML and/or a reference manual in LaTeX from a set of documented source files. The documentation is...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

Azure Linux 3.0 Security Update: python3 (CVE-2024-0397)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0397 advisory. - A defect was discovered in the Python ssl module where there is a memory race condition with the...

OESA-2025-1092 infinispan security update

Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...