891 matches found
php: Fix of CVE-2026-6735
CVE-2026-6735: fix XSS within FPM status endpoint...
Fedora 42 : php (2026-3a58db70ca)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3a58db70ca advisory. PHP version 8.4.21 07 May 2026 Core: Fixed bug GH-19983 GC assertion failure with fibers, generators and destructors. iliaal Fixed bug GH-21478...
PT-2026-40295
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose a URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview @emilgroup/process-manager-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and malicious versions were released...
[SECURITY] Fedora 44 Update: systemd-259.5-1.fc44
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
EUVD-2025-176284
Malicious code in solis-semantic-release-pm2-css-minimizer-webpack-plugin npm...
EUVD-2025-178522
Malicious code in higgs-ichnology-paleoceanography-pm2 npm...
EUVD-2025-175409
Malicious code in zephyr-mongodb-wavefunction-pm2 npm...
EUVD-2025-115232
Malicious code in comet-gacrux-pm2-middleware npm...
EUVD-2025-120875
Malicious code in ursa-dotenv-safe-nconf-pm2 npm...
EUVD-2025-123610
Malicious code in pm2-run-script-eslint-plugin-leda npm...
EUVD-2025-111478
Malicious code in magellan-got-pm2-jest npm...
EUVD-2025-115496
Malicious code in chakra-ui-cypress-juno-pm2 npm...
EUVD-2025-111804
Malicious code in less-cross-env-enif-pm2 npm...
MAL-2025-146311 Malicious code in pm2-run-script-eslint-plugin-leda (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a817f06ae0a4d8dc0d41ca305b9e56576f1bd8664d47548dc7532d0c54975083 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-114481
Malicious code in development-query-pm2-uglify-js npm...
EUVD-2008-3999
Malware in sbrugna...
EUVD-2020-25693
Malware in sbrugna...