8 matches found
Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files
VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file...
MAL-2025-5016 Malicious code in 0vulns-dependency-confusion-poc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d282025fb2ec1b4012e3b979cec1f66520e643fcadfd2864e54989de50dd00d The package.json preinstall script runs wget against an attacker-controlle...
OPENSUSE-SU-2025:0103-1 Security update for cadvisor
This update for cadvisor fixes the following issues: - update to 0.52.1: Make resctrl optional/pluggable - update to 0.52.0: bump containerd related deps: api v1.8.0; errdefs v1.0.0; ttrpc v1.2.6 chore: Update Prometheus libraries bump runc to v1.2.4 Add Pressure Stall Information Metrics Switch ...
1game-texas-holdem (>=1.2.0 <=1.11.1), @1studio/ui (>=1.0.0-beta.1 <=3.9.0) +995 more potentially affected by CVE-2020-26308 via validate.js (>=0.10.0 <=0.13.1)
validate.js NPM version =0.10.0, =1.2.0, =1.0.0-beta.1, =5.0.1, =0.1.0, =1.0.6, =3.3.20, =2.0.0-alpha.1, =0.3.9, =1.3.0, =1.2.1, =0.3.12, =1.3.12, =0.1.1, =0.1.26 and more Source cves: CVE-2020-26308 Source advisory: OSV:GHSA-RV73-9C8W-JP4C...
OPENSUSE-SU-2021:0552-1 Security update for python-bleach
This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...
SUSE-SU-2020:2872-1 Security update for hexchat
This update for hexchat fixes the following issues: - CVE-2016-2087: A directory traversal was possible if a user could be convinced to connect to a server with a hostname with '..' in its name. bsc1020739. This non-security issue was fixed: - Add dependency on iso-codes and hwdata as hexchat tri...
GHSA-6354-6MHV-MVV5 Regular Expression Denial of Service in jadedown
The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept js var jadedown = require'jadedown'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return result;...
Java for Mac OS X 10.5 Update 7
The remote host is missing Java for Mac OS X 10.5 Update 7. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...