24 matches found
EUVD-2025-12152
Malicious code in bioql PyPI...
EUVD-2025-12155
Malicious code in bioql PyPI...
CVE-2025-27581
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2025-27580
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, includin...
CVE-2025-27580
CVE-2025-27580 affects NIH BRICS (Biomedical Research Informatics Computing System) up to version 14.0.0-67. The issue is that token generation is predictable, depending on the user’s username, time, and a fixed string (7Dl9#dj-), which enables unauthenticated users with a CAC to escalate privile...
CVE-2025-27581
CVE-2025-27581 affects NIH BRICS (Biomedical Research Informatics Computing System) up to version 14.0.0-67, where users lacking the InET role can access the InET module via direct requests to known endpoints. The issue originates from insufficient access controls on InET endpoints, enabling unau...
PT-2025-17677 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS (aka Biomedical Research Informatics Computing System) versions 14.0.0-67 and earlier
Description: The issue allows users without the InET role to access the InET module by making direct requests to known endpoints.
Recommendations: F...
PT-2025-17676 · Nih · Nih Brics
Name of the Vulnerable Software and Affected Versions: NIH BRICS (aka Biomedical Research Informatics Computing System) versions 14.0.0 through 14.0.0-67
Description: The issue allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including...
Friday Squid Blogging: Protecting Cephalopods in Medical Research
From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health (NIH) asked for feedback on proposed guidelines that, for the first time in the United States...
Malicious code in nih-ncats-translator (npm)
Source: ghsa-malware 9e67f5740c5ce182405289e271e61d13cf17dfa6f71f6192824078c73035d5ac
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4852 Malicious code in nih-ncats-translator (npm)
Source: ghsa-malware 9e67f5740c5ce182405289e271e61d13cf17dfa6f71f6192824078c73035d5ac
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
All Vulnerabilities for nih.moh.gov.my Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence.
Affected Website: nih.moh.gov.my
Open Bug Bounty...
discover.nci.nih.gov Cross Site Scripting vulnerability OBB-2164620
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...