Malicious code in no-unsupported-browser-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e421e834a041473c40faa9f19e564697a54e65c126010d4916e2927c757c4e78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36551

Contrast has insecure LUKS2 persistent storage partitions may be opened and used...

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the secure persistent volume feature. An attacker can access confidential data stored in persistent volumes by providing a crafted LUKS2 volume with a null key-encryption algorithm...

GHSA-F5P4-P5Q5-JV3H Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...

Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

Attention Augmented GNN RNN-Attention Models for Advanced Cybersecurity Intrusion Detection

In this paper, we propose a novel hybrid deep learning architecture that synergistically combines Graph Neural Networks GNNs, Recurrent Neural Networks RNNs, and multi-head attention mechanisms to significantly enhance cybersecurity intrusion detection capabilities. By leveraging the comprehensiv...

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

EUVD-2025-36204

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used...

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

GHSA-HQ76-6GH2-5G4Q Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence AI-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect...

CVE-2025-34502

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

CVE-2025-59459

An attacker that gains SSH access to an unprivileged account may be able to disrupt services including SSH, causing persistent loss of availability...

CVE-2025-59459 Denial-of-service (DoS) via resource consumption

An attacker that gains SSH access to an unprivileged account may be able to disrupt services including SSH, causing persistent loss of availability...

PT-2025-43923

Name of the Vulnerable Software and Affected Versions versions prior to 2025-10-27 Description An attacker obtaining SSH access to an unprivileged account may disrupt services, including SSH, leading to persistent unavailability. The issue involves a denial-of-service condition caused by resource...

CVE-2025-34503

Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...