4323 matches found
Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
This module enables integration between Next.js and Drupal for headless CMS functionality. When installed, the module automatically enables cross-origin resource sharing CORS with insecure default settings Access-Control-Allow-Origin: , overriding any services.yml CORS configuration. This allows...
Fedora 42 : drupal7 (2025-f8a08bb335)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f8a08bb335 advisory. - https://www.drupal.org/project/drupal/releases/7.99 - https://www.drupal.org/project/drupal/releases/7.100 -...
Fedora 41 : drupal7 (2025-d645721ca4)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d645721ca4 advisory. - https://www.drupal.org/project/drupal/releases/7.99 - https://www.drupal.org/project/drupal/releases/7.100 -...
Advisory ROSA-SA-2025-3106
Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 packageevrstring: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the aresparsesoareply function of the C-ares asynchronous DNS query library is related to an operation exceeding...
EUVD-2025-199035
Malicious code in sa-company-registration-number-regex npm...
Malicious code in sa-company-registration-number-regex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f15485422c9807206afeb3c43ed1e03d2f2499b0c689d8bf253e663cf72d7fa7 The package sa-company-registration-number-regex was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199034
Malicious code in sa-id-gen npm...
MAL-2025-191009 Malicious code in sa-id-gen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df00f4b56b9be72c09e3f99938b4c41900b44a98e65eb46896c30209f7f0810d The package sa-id-gen was found to contain malicious code. Source: ghsa-malware 3f0da651d111107f348b8807e1fabc4c0ad1125e1af1e268745224c9d81c77fc Any...
Malicious code in sa-id-gen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df00f4b56b9be72c09e3f99938b4c41900b44a98e65eb46896c30209f7f0810d The package sa-id-gen was found to contain malicious code. Source: ghsa-malware 3f0da651d111107f348b8807e1fabc4c0ad1125e1af1e268745224c9d81c77fc Any...
CVE-2025-36118
IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1 are affected by CVE-2025-36118 due to an information disclosure flaw in the IKEv1 Security Association negotiation, allowing remote attackers to read sensitive memory data. The root cause is an IKEv1 implementation issue (heap/memory handling...
Alibaba Cloud Linux 3 : 0175: java-17-openjdk (ALINUX3-SA-2025:0175)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0175 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-53057: Vulnerability in the Oracl...
SUSE CVE-2025-40127
In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...
MAL-2025-178813 Malicious code in tanuri-sa-dafa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44e92f08eb288153cd4b9762677bf8fe5b57339a9749bcdd8376a107a49bef0a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ter-sohyun-sa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b9ae942e6a6f95ec1cf9b575e06faf6f3ebba1c6674be25c8ffa41101d65d82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-135688
Malicious code in ter-sohyun-sa npm...
EUVD-2025-135689
Malicious code in ter-sohyun-sa npm...
EUVD-2025-136240
Malicious code in tanabr-sa-dafa npm...
MAL-2025-178731 Malicious code in tanabufir-sa-dafa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee13844ea03d38cab5812a3b49d3d555de75701d352740a3e8a830e2f7fe81af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178733 Malicious code in tanabufir-sa-duagfa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 005f223d0c855c7f7cbcfa6867b58f4db707289f06b9c7b1c41b4decd9b3e976 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-136076
Malicious code in tanuria-sa-dafa npm...