
6338 matches found

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-26609 Malicious code in module-templates-shared-modules (npm)

The package module-templates-shared-modules was found to contain malicious code...

7.2 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m. | 3 views

MAL-2025-7993 Malicious code in @help_center/modules (npm)

The package @help_center/modules was found to contain malicious code...

7.2 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m. | 3 views

MAL-2025-9674 Malicious code in @womhla6s/ui-modules-menu (npm)

The package @womhla6s/ui-modules-menu was found to contain malicious code...

7.2 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-17577 Malicious code in core-modules (npm)

The package core-modules was found to contain malicious code...

7.2 AI score
Exploits 0
ATTACKERKB
added 2025/08/14 1:23 p.m. | 3 views

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

9.3 CVSS | 6.2 AI score | 0.00872 EPSS
Exploits 0 | References 2
CVE
added 2025/08/14 1:23 p.m. | 33 views

CVE-2025-7353

CVE-2025-7353 affects Rockwell Automation ControlLogix Ethernet Modules via the web-based debugger agent (WDB). The connected PT-2025-33275 entry specifies affected software versions pre-12.001 and explains that connecting to the WDB agent from a specific IP can enable remote attackers to perform...

9.3 CVSS | 7.5 AI score | 0.00872 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/08/14 1:23 p.m. | 4 views

CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

9.3 CVSS | 7.5 AI score | 0.00872 EPSS
Exploits 0 | References 1
Cvelist
added 2025/08/14 1:23 p.m. | 9 views

CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

9.3 CVSS | 0.00872 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/08/14 11:29 a.m. | 8 views

CVE-2024-41982

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access to sensitive information...

5.9 CVSS | 7 AI score | 0.00071 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/08/14 11:29 a.m. | 6 views

CVE-2024-41985

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle...

2.6 CVSS | 7 AI score | 0.00159 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/08/14 11:29 a.m. | 7 views

CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application supports the insecure TLS 1.0 and 1.1 protocols. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data...

6.4 CVSS | 7 AI score | 0.00116 EPSS
Exploits 0 | References 1
CNNVD
added 2025/08/14 12:00 a.m. | 1 views

Rockwell Automation ArmorBlock Series security vulnerability

Rockwell Automation ArmorBlock Series is a series of secure I/O modules designed for harsh industrial environments from Rockwell Automation, Inc. A security vulnerability exists in the Rockwell Automation ArmorBlock Series that stems from a predictable web server session number increment interval...

8.8 CVSS | 6.8 AI score | 0.00382 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/08/14 12:00 a.m. | 5 views

Fedora 42 : perl-Authen-SASL (2025-fddaaaf9f0)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-fddaaaf9f0 advisory. 2.1900: Fixed - CVE-2025-40918 Insecure source of randomness, required addition of dependency on Crypt::URandom. Changed - Modules Authen::SASL::Perl::CRAM_MD5,...

6.5 CVSS | 5.5 AI score | 0.00394 EPSS
Exploits 0 | References 2
OpenVAS
added 2025/08/14 12:00 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2025-fddaaaf9f0)

The remote host is missing an update for the...

6.5 CVSS | 7.5 AI score | 0.00394 EPSS
Exploits 0 | References 3
Snyk
added 2025/08/13 5:47 p.m. | 2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: checkov is an Infrastructure as code static analysis. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere when cloning external modules from private registries. An attacker can obtain sensitive access keys by...

7.5 CVSS | 7 AI score | 0.00147 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/08/13 12:43 p.m. | 5 views

CVE-2025-8941

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. Mitigation: Disable the pam_namespace...

7.8 CVSS | 6.4 AI score | 0.0039 EPSS
Exploits 0 | References 3
vulnersOsv
added 2025/08/13 12:31 p.m. | 5 views

app.cash.trifle:common (>=0.2.9 <=0.2.10), app.cash.trifle:jvm (>=0.1.0 <=0.2.10) +893 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcpkix-jdk15to18 (>=1.63 <=1.78.1)

org.bouncycastle:bcpkix-jdk15to18 MAVEN version =1.63, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =3.5.0.0, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =2.6.4, =0.1.1, =0.1.4.2 and more Source cves: CVE-2025-8916 Source advisory: OSV:GHSA-4CX2-FC23-5WG6...

6.3 CVSS | 6.6 AI score | 0.0043 EPSS
Exploits 0
OSV
added 2025/08/13 10:15 a.m. | 3 views

CVE-2025-8916

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows Excessiv...

6.6 AI score
Exploits 0 | References 1
Vulnrichment
added 2025/08/13 9:31 a.m. | 3 views

CVE-2025-8916 Possible DoS in processing large name constraint structures in PKIXCertPathReviewer

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows Excessiv...

6.3 CVSS | 6.2 AI score | 0.0043 EPSS
Exploits 0 | References 1
Github Security Blog
added 2025/08/12 7:33 p.m. | 13 views

Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality

Summary: It is possible to bypass the mitigation introduced in response to CVE-2025-1550, when an untrusted Keras v3 model is loaded, even when “safe_mode” is enabled, by crafting malicious arguments to built-in Keras modules. The vulnerability is exploitable on the default configuration and does n...

9.8 CVSS | 8.2 AI score | 0.02803 EPSS
Exploits 3 | References 7 | Affected Software 1