
7587 matches found

OSV
added 2025/11/17 6:15 p.m. | 3 views

GHSA-7XVH-C266-CFR5 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message

Description Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission can configure a "welcome message", which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not...

CVSS 4.8 | AI score 7 | EPSS 0.00025
Exploits 0 | References 6
OSV
added 2025/11/17 1:25 a.m. | 2 views

MAL-2025-190502 Malicious code in application-phskck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6943455b71ad210483f41c6aad1617346d5cf05804711e7d3c08a94cd5d35084 The package application-phskck was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits 0 | References 1
OSV
added 2025/11/17 1:25 a.m. | 2 views

MAL-2025-190507 Malicious code in integrator-2830 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 115be0b5028ffab5a29306a2d2d83f0f5f3dc669567f3e0615c37a1d3ebb6181 The package integrator-2830 was found to contain malicious code. Source: ghsa-malware a63fa08d4b3a438ab307f36f34faddc4f6d7f1fa928c42c3ae3318e3384748b...

AI score 6.8
Exploits 0 | References 1
OSV
added 2025/11/14 8:50 p.m. | 1 views

GHSA-X7RP-QJ2H-GHGW Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

CVSS 8.1 | AI score 6.3
Exploits 0 | References 3
Github Security Blog
added 2025/11/14 8:50 p.m. | 4 views

Flowise Fails to Invalidate Existing Sessions After Password Changes

Summary Failure to Invalidate Existing Sessions After Password Change Persistent Session / Session Invalidity Failure. Details After a user changes their password, the application does not invalidate other active sessions or session tokens that were established before the change. An attacker who...

AI score 6.4
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2025/11/13 12:0 a.m. | 1 views

Directus Cross-Site Scripting Vulnerability

Directus is a real-time API and application dashboard from Directus Open Source. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus versions prior to 11.13.0, which stems from a stored cross-site scripting vulnerability in the Block Editor interface...

CVSS 5.5 | AI score 5.3 | EPSS 0.00036
Exploits 1 | References 3
RedHat Linux
added 2025/11/12 3:8 p.m. | 1 views

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

CVSS 7.8 | AI score 7.3 | EPSS 0.0002
Exploits 0 | References 5
RedHat Linux
added 2025/11/12 1:52 p.m. | 3 views

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

CVSS 7.8 | AI score 7.3 | EPSS 0.0002
Exploits 0 | References 5
RedHat Linux
added 2025/11/12 11:50 a.m. | 1 views

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

CVSS 7.8 | AI score 7.3 | EPSS 0.0002
Exploits 0 | References 5
RedHat Linux
added 2025/11/12 8:15 a.m. | 1 views

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

CVSS 7.8 | AI score 7.3 | EPSS 0.0002
Exploits 0 | References 5
Cvelist
added 2025/11/12 7:30 a.m. | 4 views

CVE-2025-12869 aEnrich|eHRD - Stored Cross-Site Scripting

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVSS 4.8 | EPSS 0.00032
Exploits 0 | References 2
CVE
added 2025/11/12 7:30 a.m. | 7 views

CVE-2025-12869

CVE-2025-12869 affects the a+HRD product by aEnrich. The issue is a Stored Cross-Site Scripting vulnerability that allows remote attackers with administrator privileges to inject persistent JavaScript executed in users’ browsers on page load. Documents consistently describe this as stored XSS in ...

CVSS 4.8 | AI score 5.5 | EPSS 0.00032
Exploits 0 | References 2 | Affected Software 1
OSSF Malicious Packages
added 2025/11/12 3:4 a.m. | 1 views

Malicious code in persistent-green-tiger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6344b006626a07523e1fd1ee1a20498631a2c9826f40bf950145bf5d7685e350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0
EUVD
added 2025/11/12 3:4 a.m. | 1 views

EUVD-2025-117170

Malicious code in persistent-green-tiger npm...

AI score 6.6
Exploits 0
RedHat Linux
added 2025/11/12 12:40 a.m. | 1 views

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

CVSS 7.8 | AI score 7.3 | EPSS 0.0002
Exploits 0 | References 5
Positive Technologies
added 2025/11/12 12:0 a.m. | 3 views

PT-2025-46571

Name of the Vulnerable Software and Affected Versions a+HRD affected versions not specified Description The software contains a Stored Cross-Site Scripting issue. This allows remote attackers with administrator privileges to inject persistent JavaScript code. This code is executed in users'...

CVSS 4.8 | AI score 6.1 | EPSS 0.00032
Exploits 0 | References 5
Packet Storm News
added 2025/11/12 12:0 a.m. | 2 views

An Explainable Recursive Feature Elimination to Detect Advanced Persistent Threats Using Random Forest Classifier

Intrusion Detection Systems IDS play a vital role in modern cybersecurity frameworks by providing a primary defense mechanism against sophisticated threat actors. In this paper, we propose an explainable intrusion detection framework that integrates Recursive Feature Elimination RFE with Random...

AI score 6.8
Exploits 0
EUVD
added 2025/11/11 8:46 p.m. | 1 views

EUVD-2025-103044

Malicious code in persistentmongoosez3n npm...

AI score 6.6
Exploits 0
EUVD
added 2025/11/11 8:46 p.m. | 2 views

EUVD-2025-103045

Malicious code in persistentcardinalz3n npm...

AI score 6.6
Exploits 0
OSV
added 2025/11/11 3:19 p.m. | 1 views

MAL-2025-117973 Malicious code in wati-kupat33-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf5eb946f2f453f3b83a1da4aae782d6d49e114d68cdcb8df2befa307e296bb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0