Lucene search

5 matches found

OSSF Malicious Packages
added 11 hours ago, 5 views

Malicious code in 0x2ai-demo3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36d5f023e4740169d1e1e7a56ebe32552cfdc4a05bf50ecc0b648ecea502c0d On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD, the directory the developer ran the install from, usi...

AI score: 5.5
Exploits: 0, References: 1
OSV
added 2026/03/29 3:22 p.m., 1 view

GHSA-53P3-C7VP-4MCC Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

Impact: The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController (e.g., embedded WebViews lacking Input Events Level 2 support). The...

CVSS: 2.1, AI score: 5.9
Exploits: 0, References: 5
GithubExploit
added 2025/10/21 4:55 a.m., 161 views

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088-WinRAR-builder A POC exploit for WinRAR vulnerab...

CVSS: 8.8, AI score: 7.1, EPSS: 0.11605
Exploits: 34
GithubExploit
added 2025/08/13 12:52 p.m., 103 views

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend TL...

CVSS: 9.8, AI score: 10, EPSS: 0.88182
Exploits: 41
The Hacker News
added 2018/12/06 11:22 a.m., 1 view

New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign that appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a...

CVSS: 10, AI score: 8.6, EPSS: 0.93605
Exploits: 13