1302 matches found

OSSF Malicious Packages
added 2025/11/11 4:25 a.m. | 3 views

Malicious code in ogi-bubur96-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21171646a3a4d2baa42adccb56b158f72ab4fcd366349cbf8396388520fdaa51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 4:25 a.m. | 2 views

Malicious code in mahesa-botok66-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15fc78c705548cc542f7713c0eceeedfd1a3a21af72dcdb74ae0a9b5c3746bbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSV
added 2025/11/11 4:25 a.m. | 1 view

MAL-2025-91642 Malicious code in utomo-serabi78-kyuki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0061e5719c2cd563bf932fcca7b128784f8e1b660b290407c089a17d7867fed5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSV
added 2025/11/11 3:48 a.m. | 2 views

MAL-2025-79090 Malicious code in iwan-mieayam79-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a4dde431838509c96dc300d4bd47254f2d4b10ec7ac6b6e3c4b9001fb4c2684 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

CNNVD
added 2025/11/11 12:0 a.m. | 3 views

WordPress plugin Hydra Booking — Appointment Scheduling & Booking Calendar security feature issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin Hydra...

CVSS 5.3 | AI score 6.7 | EPSS 0.0026
Exploits: 0 | References: 2

OSV
added 2025/11/10 5:21 p.m. | 2 views

MAL-2025-59464 Malicious code in wawan-soto84-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0771ad3d65c6ba6fc0caa2fd1700ce27ae0ecde1508bccf76911a3bba1ffc789 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2025/11/10 12:0 a.m. | 3 views

RHEL 9 : bind9.18 (RHSA-2025:19950)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19950 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...

CVSS 8.6 | AI score 6.6 | EPSS 0.1096
Exploits: 1 | References: 8

Tenable Nessus
added 2025/11/10 12:0 a.m. | 5 views

RockyLinux 8 : bind9.16 (RLSA-2025:19793)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:19793 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the...

CVSS 8.6 | AI score 6.7 | EPSS 0.00509
Exploits: 1 | References: 5

CNNVD
added 2025/11/09 12:0 a.m. | 6 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not ensuring that setent is always present, which could lead to problems with cryptographic random number...

AI score 5 | EPSS 0.00186
Exploits: 0 | References: 10

RedHat Linux
added 2025/11/06 3:50 p.m. | 7 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.6 | AI score 6.7 | EPSS 0.1096
Exploits: 1 | References: 4

OSV
added 2025/11/06 9:1 a.m. | 5 views

RLSA-2025:19793 Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVSS 8.6 | AI score 6.8 | EPSS 0.00509
Exploits: 1 | References: 3

RedhatCVE
added 2025/11/06 6:13 a.m. | 14 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

CVSS 8.8 | AI score 6.8 | EPSS 0.00187
Exploits: 0 | References: 1

RedHat Linux
added 2025/11/05 12:1 p.m. | 8 views

bind: Cache poisoning due to weak PRNG

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

CVSS 8.6 | AI score 6.1 | EPSS 0.00454
Exploits: 0 | References: 4

RedHat Linux
added 2025/11/05 12:1 p.m. | 6 views

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 8.6 | AI score 6.7 | EPSS 0.00509
Exploits: 1 | References: 3

CVE
added 2025/11/05 5:41 a.m. | 18 views

CVE-2025-21078

CVE-2025-21078 affects Samsung Smart Switch prior to version 3.7.68.6. The root cause is the use of an insufficiently random value for the secretKey, which could allow adjacent attackers to access application backups. Public sources in the connected documents consistently describe this impact and...

CVSS 8.8 | AI score 6.4 | EPSS 0.00187
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/11/05 5:41 a.m. | 6 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

CVSS 8.8 | EPSS 0.00187
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/05 5:41 a.m. | 3 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

CVSS 8.8 | AI score 6.4 | EPSS 0.00187
Exploits: 0 | References: 1

Packet Storm News
added 2025/11/05 12:0 a.m. | 2 views

Certified Randomness Amplification by Dynamically Probing Remote Random Quantum States

Cryptography depends on truly unpredictable numbers, but physical sources emit biased or correlated bits. Quantum mechanics enables the amplification of imperfect randomness into nearly perfect randomness, but prior demonstrations have required physically co-located, loophole-free Bell tests,...

AI score 6.6
Exploits: 0

Positive Technologies
added 2025/11/05 12:0 a.m. | 7 views

PT-2025-45078

Name of the Vulnerable Software and Affected Versions Smart Switch versions prior to 3.7.68.6 Description The use of an insufficiently random value for the secretKey in Smart Switch allows nearby attackers to gain access to backup data from applications. Recommendations Update to version 3.7.68.6...

CVSS 8.8 | AI score 6.8 | EPSS 0.00187
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988777 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: use getrandomu32 instead of prandom bh might occur while updating per-cpu rndstate fro...

CVSS 7.8 | AI score 5.4 | EPSS 0.00283
Exploits: 0 | References: 4