71 matches found
budibase (>=0.0.3 <=0.0.31) potentially affected by CVE-2026-45717 via @budibase/server (>=0.0.1 <=0.0.9)
@budibase/server NPM version =0.0.1, =0.0.3, =0.0.31 Source cves: CVE-2026-45717 Source advisory: OSV:GHSA-44M2-CRH7-F4Q2...
@paperclipai/server (>=2026.3.17-canary.2 <=2026.416.0-canary.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +4 more potentially affected by unknown CVE via @paperclipai/db (>=2026.318.0-canary.0 <=2026.416.0-canary.1)
@paperclipai/db NPM version =2026.318.0-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAIDB-16421488...
GHSA-5RQ4-664W-9X2C vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, code-server, langfuse...
CLEANSTART-2026-AU31441 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the metrics-server-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
GHSA-3F26-J6R7-9Q8V vulnerabilities
Vulnerabilities for packages: xorg-server...
GHSA-6RW7-VPXM-498P vulnerabilities
Vulnerabilities for packages: arangodb, kibana, opensearch-dashboards, json-server, tileserver-gl, librechat, saf, redisinsight, argo-workflows, opensearch-dashboards-fips, langfuse-fips, langfuse, thingsboard, code-server, renovate, kubeflow-centraldashboard, kubeflow-pipelines,...
@nocobase/devtools (>=2.0.0-alpha.2 <=2.0.0-alpha.51), @nocobase/server (>=2.0.0-alpha.2 <=2.0.0-alpha.51) +1 more potentially affected by CVE-2025-13877 via @nocobase/auth (>=2.0.0-alpha.2 <=2.0.0-alpha.51)
@nocobase/auth NPM version =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.2, =2.0.0-alpha.51 Source cves: CVE-2025-13877 Source advisory: SNYK:JS-NOCOBASEAUTH-14287473...
EUVD-2025-124231
Malicious code in npm-server-mui-pm2 npm...
EUVD-2025-35680
Malicious code in demo-mercadopago-mcp-server npm...
EUVD-2020-0650
Malware in sbrugna...
MAL-2025-42116 Malicious code in wealthsimple-mcp-server (npm)
The package wealthsimple-mcp-server was found to contain malicious code. Source: google-open-source-security (7cd49239ea1d9566f39581393c8553ea1a1733f9ddb3a6dfc09ef5ad0c507122). This package installs a dependency hosted on a custom domain that...
MAL-2025-39296 Malicious code in win-server (npm)
The package win-server was found to contain malicious code...
openSUSE Security Advisory (SUSE-SU-2025:02564-1)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Fedora: Security Advisory (FEDORA-2025-774aa2765e)
The remote host is missing an update for the...
Debian: Security Advisory (DLA-4230-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-5947-1)
The remote host is missing an update for the Debian...
Ubuntu: Security Advisory (USN-7573-2)
The remote host is missing an update for the...
[slackware-security] xorg-server
New xorg-server packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-17slack15.0.txz: Rebuilt. Check for another possible integer overflow once we get a complete xReq with...
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...
CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...