65 matches found
EUVD-2025-7801
Malicious code in bioql PyPI...
EUVD-2023-32623
Malicious code in bioql PyPI...
EUVD-2024-39195
Malicious code in bioql PyPI...
EUVD-2025-21448
Malicious code in bioql PyPI...
CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file
DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...
Rockwell Automation FactoryTalk Historian ThingWorx
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
MAL-2025-3050 Malicious code in @hongfangze/pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e73a080830e05ba03056d448f8fc7711301bb1c7c5e13797c1f192b7373be10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BELL-CVE-2025-21823
Bulletin has no description...
CERTFR-2022-ALE-003
creationtimestamp| type| source ---|---|--- 2025-01-29 16:41:35+00:00| seen| https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvfxrxuqp2t...
Ossur Mobile Logic Application
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
Summary In the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Details The...
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
Observations The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, uses Tauri instead of Electron, and sandboxes pre-request scripts with a simple yet secure implementation...
GHSA-6CF6-8HVR-R68W dectalk-tts Uses Unencrypted HTTP Request
Impact In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. Theft Because dectalk-tts is ...
Plane sailing for ticket scammers: How to keep your flight plans safe
You may be getting ready to jump on a plane and head off for a few days or weeks of rest and relaxation. So the last thing you need before flying is a technology-related horror show. Sadly, scammers are aware of families getting ready to hit the skies, and have tailored their threats accordingly...
Florida hospital takes entire IT systems offline after 'ransomware attack'
Tallahassee Memorial Healthcare (TMH), a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...
PT-2022-28023 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda A15 version 15.13.07.13 Description: A stack overflow issue was discovered via the wepkey parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda A15 version 15.13.07.13, avoid using the wepkey parameter in the...
Medtronic's MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA
The US FDA (Food and Drug Administration) has warned users of Medtronic's MiniMed 600 Series Insulin Pump System--specifically, models for MiniMed 630G and MiniMed 670G--that their medical devices have a cybersecurity issue with its communication protocol. If compromised, attackers could gain...
Initial spam of proposals
Lines of code Vulnerability details Impact In the initial phase, when not many tokens are minted, a malicious actor can start submitting proposals and later execute them. E.g. when the first token is minted, this first owner can instantly submit proposals to retrieve all the eth back from the...
Fraudulent cryptocurrency investment apps are duping investors
Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. The threat actors convince...
MAL-2022-2545 Malicious code in dobbin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware deb1c9279adf748904986590c04fc1e3429fd8d5803d27b5b4d170e411422e2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...