2192 matches found

OSV
added 2025/09/05 5:10 p.m., 1 view

MAL-2025-44738 Malicious code in izar-magellan-readable-nodejs (npm)

The package izar-magellan-readable-nodejs was found to contain malicious code...

AI score: 7, Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 2 views

Malicious code in quasarjet-stratigraphy-readable-parallax (npm)

The package quasarjet-stratigraphy-readable-parallax was found to contain malicious code...

AI score: 7, Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 2 views

Malicious code in mdx-readable-passport-betelgeuse (npm)

The package mdx-readable-passport-betelgeuse was found to contain malicious code...

AI score: 7, Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 2 views

Malicious code in callback-cybernetics-readable-eridanus (npm)

The package callback-cybernetics-readable-eridanus was found to contain malicious code...

AI score: 7, Exploits: 0

OSV
added 2025/09/05 5:10 p.m., 1 view

MAL-2025-45151 Malicious code in mdx-readable-passport-betelgeuse (npm)

The package mdx-readable-passport-betelgeuse was found to contain malicious code...

AI score: 7, Exploits: 0

Vulnrichment
added 2025/09/03 8:19 p.m., 1 view

CVE-2025-55748 XWiki Platform's configuration files can be accessed through jsx and sx endpoints

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVSS: 9.3, AI score: 6.2, EPSS: 0.00371, Exploits: 0, References: 3

Tenable Nessus
added 2025/09/02 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-3917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00106, Exploits: 0, References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-12458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are wor...

CVSS: 5.5, AI score: 6.4, EPSS: 0.0007, Exploits: 1, References: 2

RedhatCVE
added 2025/08/31 12:4 a.m., 2 views

CVE-2025-58061

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...

CVSS: 5.5, AI score: 6.4, EPSS: 0.0003, Exploits: 0, References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-46958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This i...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00148, Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-23301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00092, Exploits: 1, References: 2

NVD
added 2025/08/28 10:15 p.m., 1 view

CVE-2025-58061

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...

CVSS: 5.5, EPSS: 0.0003, Exploits: 0, References: 1

OSV
added 2025/08/28 10:3 p.m., 2 views

CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...

CVSS: 5.5, AI score: 6.4, EPSS: 0.0003, Exploits: 0, References: 3

Vulnrichment
added 2025/08/28 10:3 p.m., 1 view

CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...

CVSS: 5.5, AI score: 5.9, EPSS: 0.0003, Exploits: 0, References: 1

Cvelist
added 2025/08/28 10:3 p.m., 6 views

CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...

CVSS: 5.5, EPSS: 0.0003, Exploits: 0, References: 1

CVE
added 2025/08/28 10:3 p.m., 10 views

CVE-2025-58061

OpenEBS Local PV RawFile before v0.10.0 stores persistent volume data under /var/csi/rawfile/ with world-readable permissions, enabling non-privileged users to access potentially sensitive data such as databases in Kubernetes workloads. The issue is fixed in v0.10.0. Affected product: OpenEBS Loc...

CVSS: 5.5, AI score: 5.9, EPSS: 0.0003, Exploits: 0, References: 1

Positive Technologies
added 2025/08/28 12:0 a.m., 2 views

PT-2025-35146

Name of the Vulnerable Software and Affected Versions: OpenEBS versions prior to 0.10.0 Description: OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable,...

CVSS: 5.5, AI score: 6.1, EPSS: 0.0003, Exploits: 0, References: 5

NVD
added 2025/08/27 11:15 a.m., 0 views

CVE-2025-30063

The configuration file containing database logins and passwords is readable by any local user...

CVSS: 9.4, EPSS: 0.00026, Exploits: 0, References: 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-12831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config fil...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00277, Exploits: 1, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-21704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00143, Exploits: 0, References: 2