430 matches found

OSSF Malicious Packages
added 2025/10/04 1:33 a.m., 4 views

Malicious code in optional-native-module-xyz (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d8c0e42c231414befecab31d6e25c851443c94c0f8eaf179aa62012264967e Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits 0, References 1

OSV
added 2025/10/04 1:33 a.m., 2 views

MAL-2025-48393 Malicious code in optional-native-module-xyz (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d8c0e42c231414befecab31d6e25c851443c94c0f8eaf179aa62012264967e Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-55133

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6, EPSS 0.0024
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-0640

Malicious code in bioql PyPI...

CVSS 8.2, AI score 6.8, EPSS 0.0045
Exploits 0, References 7

Tenable Nessus
added 2025/10/03 12:0 a.m., 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cairo (SUSE-SU-2025:03449-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03449-1 advisory. - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: - The...

CVSS 2.9, AI score 5.6, EPSS 0.00205
Exploits 0, References 4

SUSE Linux
added 2025/10/02 7:15 a.m., 4 views

Security update for cairo

This update for cairo fixes the following issues: CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 Update to version 1.18.4: The dependency on LZO has been made optional through a build time configuration toggle. You can build Cairo against a Freetype installation that does not...

CVSS 3.3, AI score 7.1, EPSS 0.00205
Exploits 0, References 4

OSV
added 2025/10/02 7:15 a.m., 3 views

SUSE-SU-2025:03449-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that do...

CVSS 2.9, AI score 7.1, EPSS 0.00205
Exploits 0, References 3

Snyk
added 2025/09/15 4:58 a.m., 1 views

Malicious Package

Overview optional-native-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8, AI score 6.8
Exploits 0, References 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-20335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the...

CVSS 6.7, AI score 5.2, EPSS 0.00139
Exploits 0, References 2

CVE
added 2025/09/09 10:28 p.m., 23 views

CVE-2025-59042

CVE-2025-59042 is a PyInstaller-related issue. In PyInstaller builds older than 6.0.0, the bootstrap process appends a special entry to sys.path and may load an optional bytecode-decryption module, enabling an unprivileged attacker to execute arbitrary Python code if they can place a file/dir nex...

CVSS 7, AI score 7.2, EPSS 0.00114
Exploits 0, References 2

OSV
added 2025/09/09 5:15 p.m., 2 views

CVE-2025-54261

ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed...

CVSS 10, AI score 6.3, EPSS 0.19934
Exploits 0, References 1

Positive Technologies
added 2025/09/09 12:0 a.m., 4 views

PT-2025-36997

Name of the Vulnerable Software and Affected Versions: PyInstaller versions prior to 6.0.0 Description: PyInstaller packages Python applications and their dependencies into a single package. A specially crafted entry appended to sys.path during the bootstrap process of a PyInstaller-frozen...

CVSS 7, AI score 7.2, EPSS 0.00114
Exploits 0, References 7

Spring Security Advisories
added 2025/09/09 12:0 a.m., 1 views

Access API Moves to Spring Security Access

Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...

AI score 6.9
Exploits 0

OSSF Malicious Packages
added 2025/09/05 4:51 p.m., 3 views

Malicious code in optional-native-module (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb3a52068ea70ee162c5956b77baeabb8d46582ae8c096ce97fc7ba4fb7ef37a Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits 0, References 1

OSV
added 2025/09/05 4:51 p.m., 2 views

MAL-2025-45475 Malicious code in optional-native-module (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb3a52068ea70ee162c5956b77baeabb8d46582ae8c096ce97fc7ba4fb7ef37a Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits 0, References 1

GithubExploit
added 2025/08/18 3:40 p.m., 583 views

Exploit for CVE-2024-28397

CVE-2024-28397 RCE Script Default reverse shell payload and o...

CVSS 5.3, AI score 6.6, EPSS 0.04548
Exploits 22

Tenable Nessus
added 2025/08/15 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-45159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided...

CVSS 9.8, AI score 5.5, EPSS 0.00387
Exploits 0, References 2

Microsoft KB
added 2025/08/12 7:0 a.m., 17 views

Hotfix update for Exchange Server 2019 CU14: April 18, 2025 (KB5050673)

Hotfix update for Exchange Server 2019 CU14: April 18, 2025 KB5050673 Hotfix update for Microsoft Exchange Server 2019 CU14 was released on April 18, 2025. It includes fixes for non-security issues and introduces new features. These fixes and features will also be included in later cumulative...

CVSS 8, AI score 7.9, EPSS 0.07421
Exploits 0

Tenable Nessus
added 2025/08/09 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31608

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact...

CVSS 7.8, AI score 7.2, EPSS 0.00226
Exploits 0, References 3

OSV
added 2025/07/10 5:15 p.m., 2 views

DEBIAN-CVE-2025-49812

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

CVSS 7.4, AI score 7.2, EPSS 0.00516
Exploits 0, References 1