5824 matches found
EUVD-2025-37128
Malicious code in epic-native-client-utils npm...
MAL-2025-49165 Malicious code in epic-native-client-utils (npm)
Source: amazon-inspector 50379c5aba661d07876a66cc65e88471f28e19562f8de1e384cb65a77d3abd20 The package epic-native-client-utils was found to contain malicious code...
[SECURITY] Fedora 42 Update: qt6-qtwebview-6.9.3-1.fc42
Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense...
AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI
This paper introduces the Agentic AI Governance Assurance & Trust Engine (AAGATE), a Kubernetes-native control plane designed to address the unique security and governance challenges posed by autonomous, language-model-driven agents in production. Recognizing the limitations of traditional...
CVE-2025-61385
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...
EUVD-2025-36226
pg8000 SQL injection vulnerability via a specially crafted Python list input
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...
GHSA-WQ2G-R956-J8CC pg8000 SQL injection vulnerability via a specially crafted Python list input
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...
CVE-2025-61385
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...
CVE-2025-61385
CVE-2025-61385 affects pg8000 1.31.4. The SQL injection occurs via a specially crafted Python list input to pg8000.native.literal, enabling remote execution of arbitrary SQL. The CVSS 3.1 base score is 9.6 with Network attack vector, low complexity, no privileges, required user interaction, and i...
CVE-2025-61385
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...
PT-2025-44000
Name of the Vulnerable Software and Affected Versions pg8000 version 1.31.4 Description A SQL injection flaw exists in pg8000. This issue allows remote attackers to execute arbitrary SQL commands by providing a specially crafted Python list as input to the pg8000.native.literal function. The...
CVE-2025-61385
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal...
Linux Distros Unpatched Vulnerability : CVE-2025-11719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption...
Malicious code in native-integration (npm)
The package native-integration was found to contain malicious code...
MAL-2025-48743 Malicious code in native-integration (npm)
The package native-integration was found to contain malicious code...
Bouncy Castle Vulnerable to Uncontrolled Resource Consumption
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...
Vulnerabilities fixed in Oracle Communications products
Oracle has fixed several vulnerabilities in its Communications products, including Unified Assurance and Cloud Native Core. The vulnerabilities in Oracle Communications products allow malicious actors to gain unauthorized access, which can lead to partial or full Denial-of-Service (DoS) attacks...
Why Organizations Are Abandoning Static Secrets for Managed Identities
As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique...
Red Hat OpenShift Virtualization 4 security vulnerability
Red Hat OpenShift Virtualization 4 is a virtual machine management component from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Virtualization 4 that stems from the /etc/passwd file in the Container-native Virtualization component being set to group-writable permissions at bui...