236 matches found
EUVD-2023-1089
Malicious code in bioql PyPI...
EUVD-2023-43029
Malicious code in bioql PyPI...
EUVD-2023-29925
Malicious code in bioql PyPI...
EUVD-2024-17577
Malicious code in bioql PyPI...
EUVD-2024-21276
Malicious code in bioql PyPI...
EUVD-2025-0216
Malicious code in bioql PyPI...
EUVD-2023-0345
Malicious code in bioql PyPI...
EUVD-2023-1969
Malicious code in bioql PyPI...
EUVD-2023-46897
Malicious code in bioql PyPI...
EUVD-2022-41752
Malicious code in bioql PyPI...
[email protected] contains malware after npm account takeover
Impact On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
CVE-2025-6013
Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises...
EulerOS 2.0 SP13 : vim (EulerOS-SA-2025-1711)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the :redir ex command to register,...
CVE-2025-52464
Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...
TencentOS Server 4: java-8-konajdk (TSSA-2024:0998)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0998 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: jbig2dec (TSSA-2022:0036)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0036 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: jetty (TSSA-2025:0022)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0022 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-49587 XWiki does not require right warnings for notification displayer objects
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...
CVE-2025-49131 FastGPT Sandbox Vulnerable to Sandbox Bypass
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...