Lucene search

7642 matches found

NVD
added 2025/10/24 11:15 p.m., 3 views

CVE-2025-34502

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

7 CVSS, 0.00197 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/10/24 11:4 p.m., 8 views

CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

7 CVSS, 0.00197 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/10/24 11:4 p.m., 2 views

CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

7 CVSS, 7 AI score, 0.00197 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/10/24 12:0 a.m., 6 views

PT-2025-43689

Name of the Vulnerable Software and Affected Versions Deck Mate 1 affected versions not specified Description Deck Mate 1 executes firmware directly from an external EEPROM without verifying its authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to execu...

7 CVSS, 7 AI score, 0.00119 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2025/10/24 12:0 a.m., 5 views

PT-2025-43688

Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description The Deck Mate 2 device does not have a verified secure-boot chain or runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an...

7 CVSS, 6.8 AI score, 0.00197 EPSS
Exploits: 0, References: 6
CNNVD
added 2025/10/24 12:0 a.m., 4 views

Light & Wonder Deck Mate Security Vulnerability

Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a lack of secure boot chain validation and runtime integrity validation, which could allow a physically accessible attacker to modify or...

7 CVSS, 7.3 AI score, 0.00197 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2025/10/23 6:21 p.m., 3 views

CVE-2025-54808

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory /tmp on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the...

7.8 CVSS, 6 AI score, 0.00155 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/10/23 1:51 p.m., 7 views

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

4.8 CVSS, 0.00298 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/23 1:51 p.m., 3 views

EUVD-2025-35687

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

4.8 CVSS, 5.3 AI score, 0.00298 EPSS
Exploits: 0, References: 3
CVE
added 2025/10/23 1:51 p.m., 10 views

CVE-2025-1679

CVE-2025-1679 and CVE-2025-1680 concern Moxa Ethernet switches. CVE-2025-1679 is a stored Cross-site Scripting (XSS) in the device web interface: an authenticated admin can inject scripts that affect authenticated users, with impact on the subsequent system’s confidentiality and integrity but not...

4.8 CVSS, 5.4 AI score, 0.00298 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/10/23 12:0 a.m., 8 views

PT-2025-43452

Name of the Vulnerable Software and Affected Versions versions prior to 2025-22432 Description A persistent connection may occur due to improper input validation within the notifyTimeout function of the CallRedirectionProcessor.java component. This could potentially allow for local escalation of...

6.7 CVSS, 6.7 AI score, 0.00093 EPSS
Exploits: 0, References: 6
OSV
added 2025/10/21 6:21 a.m., 2 views

MAL-2025-48533 Malicious code in hash-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 797126e9eb0f67390ff12806c31b6cca28e65c31d1eb9b186dbb591b0db9c941 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2025/10/20 3:6 a.m., 3 views

MAL-2025-48518 Malicious code in dist-decoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d6276f9115715018347a416b17686c81064ab130b386dacfdbe52f80bf1a2d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 4
Veracode
added 2025/10/17 7:30 a.m., 5 views

Stored Cross-Site Scripting (XSS)

decap-cms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization and escaping of user-controlled input fields such as title, description, tags, and body in the admin preview pane, which allows an attacker with low-privilege access to inject...

6.1 CVSS, 5.8 AI score, 0.00297 EPSS
Exploits: 2, References: 4, Affected Software: 1
The Hacker News
added 2025/10/15 4:6 p.m., 7 views

F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion

U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated...

6.7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/10/13 3:19 a.m., 4 views

Malicious code in scr-database (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3902b02c9664e32f82d280e45ac58ec3cd3bb57766bfbffdb7a11b845f20b9ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/10/10 2:24 a.m., 6 views

Malicious code in andes-react-floater (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63aced74061cbadf118f22491f4edb9450b8ab612b289b34f3b0acefd7860d61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3
CVE
added 2025/10/10 12:0 a.m., 9 views

CVE-2025-60869

Publii CMS v0.46.5 (build 17089) is affected by a stored XSS in configuration fields (e.g., Site Description, Footer Follow Buttons). The issue arises from unsanitized input, allowing injected JavaScript to be stored in the project and executed in visitors’ browsers when viewing the generated sta...

7.3 CVSS, 5.7 AI score, 0.00246 EPSS
Exploits: 0, References: 2
OSV
added 2025/10/09 11:53 p.m., 3 views

MAL-2025-48269 Malicious code in vite-next-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 349c5908fb3c2430a77d9a6c96edebbbbda04c5d50a0826b4c0f7e8d002ba345 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/10/09 11:52 p.m., 2 views

Malicious code in vite-configs-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb19ecaeacbca9e361ca15d50c99cbfa3ad023b63d06465ae2ad9d9988ab5a63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1