Astra Linux - уязвимость в open-vm-tools

open-vm-tools contains a file descriptor hijacking vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005506)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005506 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR literal uprobe support The simulateldrliteral and...

CloudCharge 访问控制错误漏洞

CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which could allow...

A CISO’s Guide to Threat Management Platforms

Attackers don’t see your organization as a list of CVEs. They see a web of interconnected assets, looking for a single weak link that will give them a path to your most valuable data. A traditional vulnerability scanner might miss these dangerous connections, but a threat management platform is...

Exploit for Deserialization of Untrusted Data in Facebook React

$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...

EUVD-2025-178092

Malicious code in link-cron-simulate-assert-log npm...

EUVD-2025-177407

Malicious code in orchestrate-web-simulate-float-abstract npm...

EUVD-2025-178379

Malicious code in integer-pipe-beta-orchestrate-simulate npm...

EUVD-2025-179216

Malicious code in earth-small-scale-simulate-static npm...

MAL-2025-187468 Malicious code in info-byte-simulate-cat-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0027d2338d6014bc490d64b292626df8d2de44402c81596a7920b4d4fc8d485b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176944

Malicious code in psi-sudo-key-simulate-double npm...

EUVD-2025-175953

Malicious code in thread-simulate-meta-small-cat npm...

EUVD-2025-175847

Malicious code in uglify-view-stub-simulate-short npm...

EUVD-2025-179319

Malicious code in deserialize-double-simulate-interpret-tau npm...

EUVD-2025-176373

Malicious code in simulate-refactor-java-route-beta npm...

EUVD-2025-176798

Malicious code in rain-theta-thread-star-simulate npm...

EUVD-2025-176141

Malicious code in sun-kernel-nu-tree-simulate npm...

EUVD-2025-176388

Malicious code in sigma-compile-simulate-integer-bash npm...

EUVD-2025-177037

Malicious code in process-simulate-parse-integer-wind npm...

MAL-2025-189734 Malicious code in sun-kernel-nu-tree-simulate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f141bd5fca02000c7a777fd6e35b11424efcb7585261ffaf7bc4962dacb06186 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...