6954 matches found
MAL-2025-190630 Malicious code in parse-session (npm)
Source: amazon-inspector 8e6800038c1b56247a0767faecf501d0c74de134197bb0edbae2d27b8a958547 The package parse-session was found to contain malicious code. Source: ghsa-malware 5b04d6ff25ce91de5057fed89547b08687055f2ca7a217a2886eecb79c06f9e9...
TencentOS Server 2: unbound (TSSA-2023:0126)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0126 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
libsoup: Out of bounds reads in soup_headers_parse_request()
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...
CVE-2025-9501
CVE-2025-9501 - W3 Total Cache (WordPress): The vulnerability affects the WordPress W3 Total Cache plugin up to version 2.8.13. The root cause is a command injection in the _parse_dynamic_mfunc function that allows unauthenticated users to submit a malicious payload in a post comment to execute ...
CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
OESA-2025-2648 golang security update
Security Fixes: tar.Reader in the Go archive/tar component did not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions could cause a Reader to read an unbounded amount of data fr...
Improper Input Validation
github.com/nyaruka/phonenumbers is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of syntactic correctness in the phonenumbers.Parse function, which allows an attacker to provide crafted input and cause a panic resulting in a “runtime error: slice...
EUVD-2025-177646
Malicious code in neptunology-husky-dotenv-parse-variables-got npm...
EUVD-2025-175486
Malicious code in xi-abstract-user-alert-parse npm...
EUVD-2025-179708
Malicious code in cloud-star-parse-fork-sandbox npm...
EUVD-2025-179209
Malicious code in easy-parse-async-xi-analyze npm...
EUVD-2025-179007
Malicious code in event-bootes-dotenv-parse-variables-ursa npm...
EUVD-2025-179265
Malicious code in dotenv-parse-variables-heliophysics-wasat-metalsmith npm...
EUVD-2025-178493
Malicious code in hugo-wavefunction-dotenv-parse-variables-parallax npm...
EUVD-2025-177319
Malicious code in parse-array-slow-emulate-notify npm...
EUVD-2025-177960
Malicious code in markdown-cors-janus-dotenv-parse-variables npm...
EUVD-2025-179267
Malicious code in dotenv-parse-variables-astrobiology-readable-magellan npm...
EUVD-2025-176694
Malicious code in report-good-error-user-parse npm...
EUVD-2025-176212
Malicious code in static-transpile-sanitize-emulate-parse npm...
EUVD-2025-179115
Malicious code in enum-parse-protected-kernel-refactor npm...