
6297 matches found

EUVD
added 2025/11/20 4:25 p.m., 4 views

EUVD-2025-198297

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

CVSS 8.3, AI score 6.3, EPSS 0.00018
Exploits 0, References 2
Snyk
added 2025/11/20 4:25 p.m., 2 views

Use of Incorrectly-Resolved Name or Reference

Overview: zx is a tool for writing better scripts. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the linkNodeModules function. An attacker can cause deletion of arbitrary directories by supplying a crafted path to the --prefer-local...

CVSS 8.3, AI score 6.9, EPSS 0.00018
Exploits 0, References 2
Vulnrichment
added 2025/11/20 4:25 p.m., 7 views

CVE-2025-13437 Arbitrary node_modules Directory Deletion in Google zx

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

CVSS 8.3, AI score 6.5, EPSS 0.00018
Exploits 0, References 1
CNNVD
added 2025/11/20 12:00 a.m., 3 views

zx security vulnerability

zx is a Google open source tool for writing scripts. A security vulnerability exists in zx that stems from a logic error that could lead to the deletion of the external node_modules directory...

CVSS 8.3, AI score 6.4, EPSS 0.00018
Exploits 0, References 1
Tenable Nessus
added 2025/11/20 12:00 a.m., 3 views

TencentOS Server 3: python39:3.9 and python39-devel:3.9 (TSSA-2024:0768)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0768 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.8, AI score 6.5, EPSS 0.00748
Exploits 1, References 4
Positive Technologies
added 2025/11/20 12:00 a.m., 3 views

PT-2025-47601

Name of the Vulnerable Software and Affected Versions: zx (affected versions not specified). Description: A flaw exists in zx where, when invoked with the --prefer-local option pointing to a specific path, the command-line interface creates a symbolic link named ./node_modules to the specified path’s...

CVSS 8.3, AI score 6.4, EPSS 0.00018
Exploits 0, References 5
vulnersOsv
added 2025/11/19 12:30 p.m., 5 views

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +156 more potentially affected by CVE-2025-64408 via org.apache.causeway.commons:causeway-commons (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.commons:causeway-commons MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.commons:causeway-commons and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

CVSS 6.3, AI score 5.8, EPSS 0.01294
Exploits 0
vulnersOsv
added 2025/11/19 10:46 a.m., 4 views

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +152 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-applib MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

CVSS 6.3, AI score 5.8, EPSS 0.01294
Exploits 0
vulnersOsv
added 2025/11/19 10:46 a.m., 4 views

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +43 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-runtimeservices (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-core-runtimeservices MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-runtimeservices and may be impacted: - dev.savantly.nexus:agents-module =3.4....

CVSS 6.3, AI score 5.8, EPSS 0.01294
Exploits 0
vulnersOsv
added 2025/11/19 10:46 a.m., 5 views

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +156 more potentially affected by CVE-2025-64408 via org.apache.causeway.commons:causeway-commons (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.commons:causeway-commons MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.commons:causeway-commons and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

CVSS 6.3, AI score 5.8, EPSS 0.01294
Exploits 0
vulnersOsv
added 2025/11/19 10:46 a.m., 2 views

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +129 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-metamodel (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-core-metamodel MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-metamodel and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

CVSS 6.3, AI score 5.8, EPSS 0.01294
Exploits 0
vulnersOsv
added 2025/11/19 10:46 a.m., 3 views

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +135 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-config (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-core-config MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-config and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

CVSS 6.3, AI score 5.8, EPSS 0.01294
Exploits 0
OSV
added 2025/11/19 9:30 a.m., 3 views

OPENSUSE-SU-2025:20074-1 Security update for certbot

This update for certbot fixes the following issues: This update adds the certbot stack. python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339...

AI score 5.8
Exploits 0
CNNVD
added 2025/11/19 12:00 a.m., 2 views

esm.sh code injection vulnerability

esm.sh is an open-source content delivery network from esm.sh. A code injection vulnerability exists in versions prior to esm.sh 136, which stems from a template literal injection vulnerability in the CSS to JavaScript module functionality that could lead to a cross-site scripting attack or remote...

CVSS 9.6, AI score 7.2, EPSS 0.00023
Exploits 1, References 3
NVD
added 2025/11/18 11:15 a.m., 2 views

CVE-2025-41737

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...

CVSS 7.5, EPSS 0.00045
Exploits 0, References 1
CVE
added 2025/11/18 10:18 a.m., 9 views

CVE-2025-41737

CVE-2025-41737 involves METZ CONNECT devices (EWIO2 family and related controllers) where a webserver misconfiguration allows an unauthenticated remote attacker to read the source of PHP modules. The entry is corroborated by multiple sources (Red Hat, ENISA EUVD, CISA ICS advisory, CVE lists) des...

CVSS 7.5, AI score 6.6, EPSS 0.00045
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2025/11/18 12:00 a.m., 6 views

PT-2025-47294

Name of the Vulnerable Software and Affected Versions: versions affected versions not specified. Description: A webserver misconfiguration allows an unauthenticated remote attacker to read the source code of PHP modules. Recommendations: At the moment, there is no information about a newer version th...

CVSS 7.5, AI score 6.8, EPSS 0.00045
Exploits 0, References 3
OSV
added 2025/11/17 7:11 p.m., 2 views

GO-2025-4122 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost

Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost...

CVSS 4.3, AI score 6.5, EPSS 0.00027
Exploits 0, References 5
OSV
added 2025/11/17 7:11 p.m., 1 view

GO-2025-4124 ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP in github.com/zitadel/zitadel

ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 9.8, AI score 6.8, EPSS 0.00702
Exploits 0, References 6
vulnersOsv
added 2025/11/13 6:31 p.m., 3 views

org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.4.2), org.keycloak.testframework:keycloak-test-framework-core (>=26.1.0 <=26.4.2) +16 more potentially affected by CVE-2025-11538 via org.keycloak:keycloak-quarkus-dist (>=26.0.0 <=26.4.2)

org.keycloak:keycloak-quarkus-dist MAVEN version =26.0.0, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.4.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.1.0, =26.4.2...

CVSS 6.8, AI score 5.8, EPSS 0.00012
Exploits 0