237 matches found
CVE-2025-62631
An insufficient session expiration vulnerability CWE-613 vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's passwor...
Fortinet FortiOS 代码问题漏洞
Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A code issue...
CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...
Flowise Fails to Invalidate Existing Sessions After Password Changes
Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...
MAL-2025-55022 Malicious code in chai-as-sorted (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b0a3502254657767ec819133929d33c2b84f1d9607acc89e9557de2b80e9bed The package chai-as-sorted was found to contain malicious code. Source: ghsa-malware 0a769064bb46785af26b5ee4af98633de26f88bcad7b199c113bdf52940e195a...
MAL-2025-49017 Malicious code in labelbox-custom-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 620f8e1935cc780dbeb838d123c1a770b38e6db7bca472c4afc955229d09fafe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ing-web-es (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7cea7c30f8d070d425cd30f9b983aebec3169313c6ae647f53073d7dc60f2c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-54808
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...
MAL-2025-48533 Malicious code in hash-script (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 797126e9eb0f67390ff12806c31b6cca28e65c31d1eb9b186dbb591b0db9c941 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated...
Malicious code in andes-react-floater (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63aced74061cbadf118f22491f4edb9450b8ab612b289b34f3b0acefd7860d61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in redirect-5cxzgs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 82c7824f510b00329610cd86418ba60edbb31cd9ee4fe7a69481bd817d5437e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @testcarrot/supply6 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1879de03e36cf280adcff93d8fbfe8537bb68de7e372b70c0e6b80adbdfe21bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2021-26223
Malware in sbrugna...
EUVD-2024-38706
Malicious code in bioql PyPI...
EUVD-2025-27775
Malicious code in bioql PyPI...
Malicious code in postman-converters (npm)
The package postman-converters was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f892ed43c85774f667cf9303e6d7ca7d30763a23dc3c6bb4e2261954dfee9070 Any computer that has this package installed or running should be considered fully...
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service SaaS providers, Business Process Outsourcers BPOs, and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC52...