
947 matches found

CERT
added 2025/11/25 12:0 a.m., 5 views

Forge JavaScript library impacted by a vulnerability in signature verification.

Overview: The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code (MAC) data, was identified. Users of the...

8.6 CVSS, 6.8 AI score, 0.00071 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2025/11/25 12:0 a.m., 5 views

PT-2025-48075

Name of the Vulnerable Software and Affected Versions: node-forge versions 1.3.1 and earlier. Description: An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data ...

9.8 CVSS, 6.5 AI score, 0.00438 EPSS
Exploits: 4, References: 93
CNVD
added 2025/11/24 12:0 a.m., 2 views

Revive Adserver Cross-Site Scripting Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

5.4 CVSS, 6.3 AI score, 0.00016 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2025/11/18 1:44 p.m., 3 views

haproxy: denial of service vulnerability in HAProxy mjson library

A flaw was found in haproxy, stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when haproxy is configured to analyze JSON content, such as with the json_query or jwt_payload_query function...

7.5 CVSS, 5.7 AI score, 0.00468 EPSS
Exploits: 0, References: 4
EUVD
added 2025/11/13 3:23 a.m., 2 views

EUVD-2025-177079

Malicious code in prettier-json-publish-quito npm...

6.6 AI score
Exploits: 0
OSV
added 2025/11/12 7:18 p.m., 1 views

MAL-2025-178127 Malicious code in polymer-tresfd-teahdteh (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b135f395b30f6bcd280c538e7f92c8309e2c106a77283da31a32a9c4587dab2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/12 4:47 p.m., 2 views

Malicious code in nokire-nanali26 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd9af8aa8860239eea73f6e1e367dcd4739f5d81d25d70c37fdd41e7521ca87d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-112383

Malicious code in iota-json-release-it-chai npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/12 4:29 a.m., 1 views

EUVD-2025-124676

Malicious code in mysql-commitlint-json-standard npm...

6.6 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 8:46 p.m., 3 views

Malicious code in equal_roadrunner_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad9e43de418f9273f8be1908158ec4dcc1939e22569ebfbb682184828304fec6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 8:11 p.m., 3 views

Malicious code in vida-ruwet21-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06c591f7dc40735d4bc0f6b4c2be536b82c24d5b446e123e4235557a5ad6525c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 7:16 a.m., 2 views

Malicious code in riana-kupat67-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7dc21121619bf1922ef22c34ddfaa459d33ae817ea142851c5d23f7599c1d1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 5:50 a.m., 2 views

Malicious code in dian-pecel83-tititugel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfa1523b7221ebb0f67275b1491ff64e358c2cf4d4cdaa418c770be98daee318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
CVE
added 2025/11/11 12:20 a.m., 7 views

CVE-2025-42940

CVE-2025-42940 affects SAP CommonCryptoLib. The issue is missing boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network, leading to memory corruption and an application crash. Impact is high on availability, with no confidentiality or integrity impact stated. Connect...

7.5 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/11/11 12:0 a.m., 2 views

PT-2025-46240

Name of the Vulnerable Software and Affected Versions: SAP CommonCryptoLib (affected versions not specified). Description: SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This can lead to memory corruption and...

7.5 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits: 0, References: 7
OSV
added 2025/11/10 5:21 p.m., 1 views

MAL-2025-57797 Malicious code in necessary_gull_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2af84618efa5ccc22dad9037732e4b853516157ce2a1477e554e30acb5bc762 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
OSV
added 2025/11/10 5:27 a.m., 1 views

MAL-2025-54870 Malicious code in sinta-lupis56-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e56239a379c39078e5d3fb0de06f8cac95b2126e5434bf7f73fa75085eebc00 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/10 4:5 a.m., 4 views

Malicious code in bambang-jus39-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fae25e5a9258fd0c80bed5883f3bbba3f6747826bb7c46b3a85130827526458 The package bambang-jus39-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that floode...

6.9 AI score
Exploits: 0
Fedora
added 2025/11/05 2:12 a.m., 4 views

[SECURITY] Fedora 43 Update: python-jiter-0.11.1-1.fc43

Fast iterable JSON parser...

8.1 CVSS, 7 AI score, 0.00017 EPSS
Exploits: 1
OSV
added 2025/11/04 6:39 p.m., 4 views

GHSA-4766-X535-JW3R kgateway is missing xDS authorization

Summary: The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...

5.3 CVSS, 6.8 AI score, 0.00018 EPSS
Exploits: 0, References: 6