6859 matches found
libsoup: Out of bounds reads in soup_headers_parse_request()
A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...
CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
CVE-2025-9501
CVE-2025-9501 - W3 Total Cache (WordPress): The vulnerability affects the WordPress W3 Total Cache plugin up to version 2.8.13. The root cause is a command injection in the _parse_dynamic_mfunc function that allows unauthenticated users to submit a malicious payload in a post comment to execute ...
OESA-2025-2648 golang security update
Security Fixes: tar.Reader in the Go archive/tar component did not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions could cause a Reader to read an unbounded amount of data fr...
Improper Input Validation
github.com/nyaruka/phonenumbers is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of syntactic correctness in the phonenumbers.Parse function, which allows an attacker to provide crafted input and cause a panic resulting in a “runtime error: slice...
EUVD-2025-177317
Malicious code in parse-key-lambda-new-socket npm...
EUVD-2025-176346
Malicious code in slides-install-dynamo-dotenv-parse-variables npm...
EUVD-2025-177319
Malicious code in parse-array-slow-emulate-notify npm...
EUVD-2025-180388
Malicious code in apollo-dotenv-parse-variables-stratigraphy-private npm...
Malicious code in scale-parse-await-book-private (npm)
Source: amazon-inspector faf23bd6ac11aee950532e019d12d27aef2b746a2fcd39db0eafe766558432d0. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179634
Malicious code in commitlint-config-angular-forever-dotenv-parse-variables-google npm...
EUVD-2025-176140
Malicious code in sun-serialize-parse-validate-alert npm...
EUVD-2025-179007
Malicious code in event-bootes-dotenv-parse-variables-ursa npm...
EUVD-2025-175875
Malicious code in triton-proxima-impulse-dotenv-parse-variables npm...
EUVD-2025-177114
Malicious code in polaris-build-event-dotenv-parse-variables npm...
MAL-2025-186619 Malicious code in dotenv-parse-variables-public-cosmiconfig-zenobia (npm)
Source: amazon-inspector a9e2cf5e995e7be6217368c91ec8ecf853022838cc7a763cbcc73d49e0c23b00. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179090
Malicious code in epsilon-protected-reject-parse-benchmark npm...
EUVD-2025-179264
Malicious code in dotenv-parse-variables-init-child-process-genomics npm...
EUVD-2025-177133
Malicious code in playwright-dotenv-parse-variables-parcel-less npm...
EUVD-2025-176212
Malicious code in static-transpile-sanitize-emulate-parse npm...