2176 matches found

CVE
added 2025/11/19 3:46 p.m. | 18 views

CVE-2025-10702

CVE-2025-10702 is a code-injection vulnerability in Progress DataDirect JDBC family (DataDirect Connect for JDBC, OpenAccess JDBC, and Hybrid Data Pipeline). The issue centers on the SpyAttribute connection option, which can be used with an undocumented syntax to load an arbitrary class on the cl...

CVSS 8.6 | AI score 6.8 | EPSS 0.00111
Exploits: 0 | References: 1
Cvelist
added 2025/11/19 3:46 p.m. | 6 views

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVSS 8.6 | EPSS 0.00111
Exploits: 0 | References: 1
CVE
added 2025/11/11 12:20 a.m. | 10 views

CVE-2025-42940

CVE-2025-42940 affects SAP CommonCryptoLib. The issue is missing boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network, leading to memory corruption and an application crash. Impact is high on availability, with no confidentiality or integrity impact stated. Connect...

CVSS 7.5 | AI score 6.5 | EPSS 0.00087
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/11 12:0 a.m. | 3 views

PT-2025-46240

Name of the Vulnerable Software and Affected Versions SAP CommonCryptoLib affected versions not specified Description SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This can lead to memory corruption and...

CVSS 7.5 | AI score 6.5 | EPSS 0.00087
Exploits: 0 | References: 7
OSV
added 2025/11/05 6:41 p.m. | 2 views

GO-2025-3987 Vulnerable to Improper Validation of Syntactic Correctness of Input in github.com/nyaruka/phonenumbers

Vulnerable to Improper Validation of Syntactic Correctness of Input in github.com/nyaruka/phonenumbers...

CVSS 7.5 | AI score 6.9 | EPSS 0.00138
Exploits: 1 | References: 4
OSV
added 2025/10/31 2:13 p.m. | 2 views

OESA-2025-2612 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...

CVSS 7.5 | AI score 7.2 | EPSS 0.00041
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2025/10/29 11:4 p.m. | 2 views

Malicious code in syntax-dynamic-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fec79d7a70cef5393761c1bf6598e27804e363c0873d62590fe06b49d3bfc4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 2
EUVD
added 2025/10/29 11:4 p.m. | 1 views

EUVD-2025-36765

Malicious code in syntax-dynamic-import (npm)...

AI score 6.6
Exploits: 0 | References: 1
OSV
added 2025/10/29 11:4 p.m. | 1 views

MAL-2025-49046 Malicious code in syntax-dynamic-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fec79d7a70cef5393761c1bf6598e27804e363c0873d62590fe06b49d3bfc4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 2
Snyk
added 2025/10/29 11:4 p.m. | 2 views

Malicious Package

Overview syntax-dynamic-import is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/29 10:10 p.m. | 1 views

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 4
OSV
added 2025/10/29 9:50 p.m. | 6 views

GO-2025-4011 Parsing DER payload can cause memory exhaustion in encoding/asn1

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

CVSS 5.3 | AI score 6.9 | EPSS 0.00034
Exploits: 0 | References: 3
Snyk
added 2025/10/28 9:43 p.m. | 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SharpShowTextField component when rendering user-supplied input containing Vue template syntax. An attacker can execute arbitrary JavaScript or inject malicious HTML by submitting specially crafted...

CVSS 5.4 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 2
OSV
added 2025/10/28 8:58 p.m. | 4 views

CVE-2025-62798 Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax

Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in {{ & }} were evaluated by Vue. Thi...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 5
Vulnrichment
added 2025/10/28 8:58 p.m. | 1 views

CVE-2025-62798 Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax

Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in {{ & }} were evaluated by Vue. Thi...

CVSS 5.4 | AI score 5.4 | EPSS 0.00024
Exploits: 0 | References: 3
CVE
added 2025/10/28 8:58 p.m. | 7 views

CVE-2025-62798

The CVE-2025-62798 issue affects the code16/sharp package (Sharp) used with Laravel, specifically the SharpShowTextField component. In vulnerable versions prior to 9.11.1, Vue evaluated expressions wrapped in {{ ... }} when rendering content, allowing attacker-controlled input to execute arbitrar...

CVSS 5.4 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 3
OSV
added 2025/10/28 7:26 a.m. | 2 views

SUSE-SU-2025:3826-1 Security update 4.3.16.1 for SUSE Manager Server 4.3 LTS

This update fixes the following issues: susemanager-build-keys: - Update SUSE GPG key and make it available for Salt bsc1250911 susemanager-sls: - Version 4.3.50-0 Fix OS Family grain name bsc1250911 - Version 4.3.49-0 Fixed syntax error in Salt state - Version 4.3.48-0 Automatically deploy the...

CVSS 9.3 | AI score 7 | EPSS 0.00056
Exploits: 0 | References: 5
Rosalinux
added 2025/10/27 6:20 a.m. | 4 views

Advisory ROSA-SA-2025-3042

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...

CVSS 8.2 | AI score 7 | EPSS 0.01227
Exploits: 0
OSV
added 2025/10/24 2:33 p.m. | 3 views

OESA-2025-2505 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...

CVSS 7.5 | AI score 7.2 | EPSS 0.00041
Exploits: 0 | References: 2
OSV
added 2025/10/24 2:33 p.m. | 3 views

OESA-2025-2503 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...

CVSS 7.5 | AI score 7.8 | EPSS 0.00041
Exploits: 0 | References: 2