MAL-2025-1256 Malicious code in pnpm-sync-api-tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ff8a3208b0a7303df5e44ee0ec9bcc028b58bffe1fdabfbea89ab56a78cf841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2020-11079

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

CVE-2024-12152

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'miplwcsyncdownloadlog' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVE-2024-32082

Cross-Site Request Forgery CSRF vulnerability in Kamlesh Parmar Sync Post With Other Site sync-post-with-other-site allows Cross Site Request Forgery.This issue affects Sync Post With Other Site: from n/a through = 1.9.1...

CVE-2024-54422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through = 3.0.0...

CVE-2024-31851

A path traversal vulnerability exists in the Java version of CData Sync 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions...

Vulnerabilities fixed in Zimbra Collaboration

Zimbra has fixed several vulnerabilities in Zimbra Collaboration. The vulnerabilities included an SQL injection in the ZimbraSyncService SOAP endpoint and an SSRF vulnerability in the RSS feed parser that allowed unauthorized access and manipulation of the database, as well as unauthorized...

CVE-2025-24371

CVE-2025-24371 affects CometBFT’s blocksync protocol. If a peer first reports a non-existent latest height X and then a lower Y (X>Y), a node may continually try to catch up and become blocked, potentially impacting availability. This is a networked, low-complexity issue with high impact on av...

CVE-2025-24371 Malicious peer can make node stuck in blocksync in github.com/cometbft/cometbft

CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the blocksync protocol peers send their base and latest heights when they connect to a new node A, which is syncing to the tip of a network. base acts as a lower ground and informs A that the...

CVE-2025-25064

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in...

Malicious code in apple-sync (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0c8a2862682c8b22d925c82e7abc361ea6cb147190926513d7f7c09af233899 Any computer that has this package installed or running should be considered...

MAL-2025-1014 Malicious code in apple-sync (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0c8a2862682c8b22d925c82e7abc361ea6cb147190926513d7f7c09af233899 Any computer that has this package installed or running should be considered...

CometBFT allows a malicious peer to make node stuck in blocksync

Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync Component: CometBFT OUTDATED Criticality: Medium Considerable Impact; Possible Likelihood per ACMv1.2 Update of Criticality on 2026-03-06: We've made a mistake and over-rated the criticality of this bug in our...

PT-2025-20511

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been identified where the task management thread accesses an invalid queue ID, set by the reset thread, which points to unallocated memory, causing a cras...

WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce osCommerce Sync versions = 2.0.20...

acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +87 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)

snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =1.1.4 - datacontract-cli =0.10.4 - dataligo =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: OSV:PYSEC-2025-27...

Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync

...

Malicious code in meli-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 793bfcfb95a79b8cd268833db69c5dc0bc95766ce7acef8947614e19d8e27afc The OpenSSF Package Analysis project identified 'meli-sync' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

MAL-2025-564 Malicious code in meli-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 793bfcfb95a79b8cd268833db69c5dc0bc95766ce7acef8947614e19d8e27afc The OpenSSF Package Analysis project identified 'meli-sync' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...

Malicious code in lyft-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bad08278af65d859072402dbc935300d4c8d6036f2f214644533c0af1b8f7b8e The OpenSSF Package Analysis project identified 'lyft-sync' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...