33 matches found
MAL-2026-2663 Malicious code in tether-wrk-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e816f71a9a4581a5adacb19f57871ba8a9118bb980fbcb97c74d6b601a7e517f The package tether-wrk-base was found to contain malicious code. Source: ghsa-malware dd91537dad139a68aee6f4c63c4f9afb6bd315f2d76ee0e8e998dde7a421ef4...
Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio
Agentic AI is moving fast from pilots to production. That shift changes the security conversation. These systems do not just generate content. They can retrieve sensitive data, invoke tools, and take action using real identities and permissions. When something goes wrong, the failure is not limit...
MAL-2026-987 Malicious code in vl-ui-accessibility (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a7e52c3145cd55d304bb64380b4ac900f8fcda605ef0d88ad4b445709c1fa6f The package vl-ui-accessibility was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2026-4986
The $uri$args concatenation in the nginx configuration file present in Open Security Issue Management (OSIM) prior to v2025.9.0 allows path traversal attacks via query parameters...
CVE-2026-1616 osim: Path Traversal via query parameters in Nginx configuration
The $uri$args concatenation in the nginx configuration file present in Open Security Issue Management (OSIM) prior to v2025.9.0 allows path traversal attacks via query parameters...
PT-2026-5268
The $uri$args concatenation in the nginx configuration file present in Open Security Issue Management (OSIM) prior to v2025.9.0 allows path traversal attacks via query parameters...
[SECURITY] Fedora 43 Update: complyctl-0.1.2-1.fc43
complyctl leverages OSCAL to perform compliance assessment activities, using plugins for each stage of the life-cycle...
CVE-2022-37176
Tenda AC6AC1200 v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard...
GHSA-9C48-W39G-HM26 rsa crate has potential panic on a prime being equal to 1
When creating an RSA private key from its components, the construction panics, instead of returning an error, when one of the primes is 1. Discovered by Christian Reitter from Radically Open Security during a security review for Proton AG...
[SECURITY] Fedora 43 Update: complyctl-0.1.0-1.fc43
complyctl leverages OSCAL to perform compliance assessment activities, using plugins for each stage of the life-cycle...
Fedora 43 : complyctl (2025-b527f8a1ee)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b527f8a1ee advisory. First minor release of complyctl - a new command line Interface for Fedora compliance assessment. It features a decoupled plug-in architecture for flexibilit...
[SECURITY] Fedora 42 Update: complyctl-0.1.0-1.fc42
complyctl leverages OSCAL to perform compliance assessment activities, using plugins for each stage of the life-cycle...
Base Digitale Centrax Open PSIM security vulnerability
Base Digitale Centrax Open PSIM is a platform for physical security management from Base Digitale, Italy. A security vulnerability exists in Base Digitale Centrax Open PSIM version 6.1 that stems from the cmd component not validating the sender parameter, which could lead to an SQL injection atta...
EUVD-2017-14088
Malware in sbrugna...
EUVD-2022-39829
Malicious code in bioql PyPI...
gulu-ui (>=0.0.6 <=0.0.7) potentially affected by unknown CVE via dev-test (=0.0.1-security)
dev-test NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on dev-test and may be impacted: - gulu-ui =0.0.6, =0.0.7 Source cves: unknown CVE Source advisory: OSV:MAL-2025-18345...
Malicious code in wallet-history-demo-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 58e10d053f3cba02a172ebaf54943b9da709bd08e031437c58279fd60849064f The OpenSSF Package Analysis project identified 'wallet-history-demo-backend' @ 1.1.0 npm as malicious. It is considered malicious because: - Th...
CVE-2023-25067
Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects We’re Open!: from n/a through 1.45...
UBUNTU-CVE-2024-45616
A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response AP...
GHSA-CHCR-X7HC-8FP8 Devise-Two-Factor vulnerable to brute force attacks
Advisory withdrawn. The backing CVE has been rejected. Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password (TOTP) algorithm's inherent entropy limitations, it's possible for an attacker to bypass the 2F...