GO-2025-4101 OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses in github.com/opentofu/opentofu

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses in github.com/opentofu/opentofu...

MAL-2025-108209 Malicious code in rough_tarantula_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66288a80f08f582676d3edd0dac24daa62ad4f41033219812d321cea824a9532 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-38692 Malicious code in vulcan-jupiter-scripts-module (npm)

The package vulcan-jupiter-scripts-module was found to contain malicious code...

Malicious code in sadr-cache-update-module (npm)

The package sadr-cache-update-module was found to contain malicious code...

MAL-2025-38684 Malicious code in vuetify-electron-builder-pulsar-module (npm)

The package vuetify-electron-builder-pulsar-module was found to contain malicious code...

MAL-2025-5404 Malicious code in es6-module-package (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ba0c43a1f7b9408d4c635c3862281a3d3c970336ed789bd8a02920546e626da Any computer that has this package installed or running should be considered...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2024-1298: MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount bsc1225889 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

OESA-2022-1988 edk2 security update

Security Fixes: Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.CVE-2019-11098...

OESA-2022-1986 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.CVE-2019-14584 Insufficie...

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23576 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23576 Source advisory: OSV:GHSA-WM93-F238-7V37...

PT-2020-14932

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.x through 2.9.x Description A flaw was found in Ansible Engine when the module package or service is used and the parameter use is not specified. If a previous task is executed with a malicious user, the module sent...

PT-2019-6169 · Intel +5 · Edk Ii +5

Name of the Vulnerable Software and Affected Versions: EDKII affected versions not specified Description: The issue is related to insufficient input validation in the MdeModulePkg component of EDKII, which may allow an unauthenticated user with physical access to potentially enable escalation of...

w3bcms Gaestebuch 3.0.0 - Blind SQL Injection

w3bcms Gaestebuch 3.0.0 - Blind SQL Injection !/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qwPOST; use Getopt::Long; '/ -.- ------------------oOO------OOo----------------- | | | / / / / | | / / / / / / / / / / / | | // // / / / // / // / // | | ///,// /./,/, // | | Security...