USN-7893-1 valkey vulnerabilities

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Valkey server. CVE-2025-49844 It...

Cross-site Scripting (XSS)

Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog tag field. An attacker can execute arbitrary scripts in the context of another user's browser...

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. "This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader,"...

kinvey-flex-scripts (>=0.1.4 <=0.5.0) potentially affected by unknown CVE via eslint-config-kinvey-flex-service (>=0.0.2-alpha.0 <=0.1.0)

eslint-config-kinvey-flex-service NPM version =0.0.2-alpha.0, =0.1.4, =0.5.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191395...

WordPress AuthorSure plugin cross-site request forgery vulnerability

WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...

RockyLinux 10 : valkey (RLSA-2025:21936)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21936 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as ...

Malicious code in kinvey-flex-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191119 Malicious code in kinvey-flex-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8900040473f66489c468a226e662892ffd1324837d5096c33e16fc43bdd7a The package kinvey-flex-scripts was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199128

Malicious code in kinvey-flex-scripts npm...

kinvey-flex-scripts (>=0.1.8 <=0.5.0) potentially affected by unknown CVE via kinvey-cli-wrapper (>=0.0.2 <=0.3.0)

kinvey-cli-wrapper NPM version =0.0.2, =0.1.8, =0.5.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191118...

Malicious code in jsonschemex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f678f82847db32c68ab5a95a827f755d13b5d4cd371667eb584f25ed28ed01 Malicious clone of a legitimate package with hidden code that downloads the next stage scripts. Analysed payloads had just exfiltrated basic infos --- Category...

MAL-2025-191769 Malicious code in jsonschemex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f678f82847db32c68ab5a95a827f755d13b5d4cd371667eb584f25ed28ed01 Malicious clone of a legitimate package with hidden code that downloads the next stage scripts. Analysed payloads had just exfiltrated basic infos --- Category...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2025-198815

Malicious code in zapier-scripts npm...

Malicious code in zapier-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba8a867b632a8d6da937fdbfc075adef06017c7ab8a6b17924da7ac6d13470 The package zapier-scripts was found to contain malicious code. Source: ghsa-malware a7ff5378c64d4e7f1b2a7f36f2ed69279219f697dd2cff8098a4de7e70f34ff0...

MAL-2025-190861 Malicious code in zapier-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba8a867b632a8d6da937fdbfc075adef06017c7ab8a6b17924da7ac6d13470 The package zapier-scripts was found to contain malicious code. Source: ghsa-malware a7ff5378c64d4e7f1b2a7f36f2ed69279219f697dd2cff8098a4de7e70f34ff0...

CVE-2025-41087

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

EUVD-2025-198629

Cross-Site Scripting XSS vulnerability stored in tha Taclia web application, where the uploaded SVG images are not properly sanitized. This allows to the attackers to embed malicious scripts in SVG files such as image profiles, which are then stored on the server and executed in the context of an...

Redis: Redis is vulnerable to DoS via specially crafted LUA scripts

A vulnerability was found in Redis where an authenticated user to run a crafted Lua script that can read out‑of‑bounds memory or crash the server, leading to information disclosure and denial of service...

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...