Malicious Package
Overview beep-types is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview remark-mdx2.3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Exploit for CVE-2025-55182
RSC Report Lab – CVE-2025-55182 React 19.2.0 training lab,...
OSV-2025-965 Stack-use-after-scope in Assimp::FBX::FBXExportProperty::FBXExportProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=465494996 Crash type: Stack-use-after-scope READ 1 Crash state: Assimp::FBX::FBXExportProperty::FBXExportProperty Assimp::FBX::FBXExportProperty std::__1::vector<Assimp::FBX::FBXExportProperty, ...> Assimp::FBXExporter::WriteObjects...
Python DoS Vulnerability (Dec 2025) - Linux
Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
Linux Distros Unpatched Vulnerability : CVE-2025-12744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them direct...
CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...
PSF-2025-16
When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...
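The advisory above is about cost that grows with nesting when a document is assembled with appendChild. The following is an added example, not code from CPython or the PSF advisory: a builder that constructs a minidom tree from a nested (tag, children) specification and refuses to exceed a caller-chosen depth, since depth is the quantity the quadratic behaviour scales with. The spec format, the function names and the 64-level default are assumptions made for this illustration.

```python
import xml.dom.minidom as minidom

# Added example: depth-capped construction of a minidom document.
# The spec format ("tag", [child_specs...]) and the names below are
# assumptions for this illustration, not part of xml.dom.minidom.


class NestingTooDeep(ValueError):
    """Raised when an untrusted structure would nest deeper than allowed."""


def build_nested(spec, max_depth: int = 64) -> minidom.Document:
    """Build a Document from a nested spec, refusing trees deeper than max_depth.

    PSF-2025-16 notes that appendChild clears the document's id cache and
    that building excessively nested documents is quadratic, so the depth of
    attacker-controlled input is what to bound before appending anything.
    """
    doc = minidom.Document()

    def add(parent, node_spec, depth):
        if depth > max_depth:
            raise NestingTooDeep(f"element nesting exceeds {max_depth}")
        tag, children = node_spec
        elem = doc.createElement(tag)
        parent.appendChild(elem)
        for child in children:
            add(elem, child, depth + 1)

    add(doc, spec, 1)
    return doc


def chain(depth: int):
    """Constructed sample input: a single chain of `depth` nested <n> elements."""
    spec = ("n", [])
    for _ in range(depth - 1):
        spec = ("n", [spec])
    return spec


def element_depth(doc: minidom.Document) -> int:
    """Depth of the deepest element in doc; used to verify what was built."""
    def walk(node, d):
        return max([d] + [walk(c, d + 1) for c in node.childNodes
                          if c.nodeType == c.ELEMENT_NODE])
    return max(walk(e, 1) for e in doc.childNodes if e.nodeType == e.ELEMENT_NODE)
```

Pick max_depth from what the application legitimately needs rather than from what the parser tolerates; a chain of a few hundred levels is already far beyond any realistic document.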
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
When an application passed an attacker-controlled floating point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo -> DToA.JSdtostr -> DToA.JSdtoa -> DToA.pow5mult, where pow5mult attempts to...
BIT-ACTIVEMQ-2021-21347 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...
Malicious Package
Overview buffer-envjs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Fileless protection explained: Blocking the invisible threat others miss
Most antivirus software for personal users scans your computer for malware hiding in files. This is, after all, how most malware is traditionally spread. But what about attacks that never create files? Fileless malware is a fast-growing threat that evades traditional antivirus software, because...
CVE-2025-13837
A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations...
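The entry above describes a binary plist whose own length fields drive how much memory the reader allocates. As an added example (not CPython's plistlib code and not the upstream fix), the block below applies the mitigation a practitioner would reach for: cross-check the trailer's object count against the file size, and hand plistlib a reader that refuses any read larger than the bytes actually remaining, so a declared length can never become an allocation. The sample plists are constructed here from the documented bplist00 layout; BoundedReader, check_trailer, safe_load_bplist and make_bplist are names invented for this illustration.

```python
import os
import plistlib
import struct

# Added example (not CPython's plistlib code). Every read plistlib performs
# is bounded by the bytes that actually exist, and the trailer is checked
# against the file size before parsing starts.


class UntrustedPlistError(ValueError):
    """A length or offset declared inside the plist disagrees with its size."""


class BoundedReader:
    """Minimal file-like wrapper over an in-memory bytes object.

    read(n) raises instead of honouring a request larger than the remaining
    data, so a size lifted from untrusted input never becomes an allocation.
    """

    def __init__(self, data: bytes):
        self._data = data
        self._pos = 0

    def seek(self, offset: int, whence: int = os.SEEK_SET) -> int:
        base = {os.SEEK_SET: 0, os.SEEK_CUR: self._pos,
                os.SEEK_END: len(self._data)}[whence]
        target = base + offset
        if not 0 <= target <= len(self._data):
            raise UntrustedPlistError(f"seek to {target} outside {len(self._data)}-byte file")
        self._pos = target
        return target

    def tell(self) -> int:
        return self._pos

    def read(self, n: int = -1) -> bytes:
        remaining = len(self._data) - self._pos
        if n is None or n < 0:
            n = remaining
        if n > remaining:
            raise UntrustedPlistError(f"file asks for {n} bytes but only {remaining} remain")
        chunk = self._data[self._pos:self._pos + n]
        self._pos += n
        return chunk


def check_trailer(data: bytes) -> int:
    """Cross-check the 32-byte trailer against the file size before parsing.

    The trailer declares the object count, the width of each offset-table
    entry and where that table starts; the table cannot hold more entries
    than fit between its start and the trailer. Returns the object count.
    """
    if len(data) < 40 or not data.startswith(b"bplist00"):
        raise UntrustedPlistError("not a binary plist")
    offset_size, ref_size, num_objects, top_object, table_offset = \
        struct.unpack(">6xBBQQQ", data[-32:])
    if offset_size not in (1, 2, 4, 8) or ref_size not in (1, 2, 4, 8):
        raise UntrustedPlistError("invalid integer width in trailer")
    table_bytes = len(data) - 32 - table_offset
    if table_bytes < 0 or num_objects * offset_size > table_bytes:
        raise UntrustedPlistError(
            f"trailer claims {num_objects} objects but the offset table has "
            f"at most {max(table_bytes, 0)} bytes")
    if top_object >= num_objects:
        raise UntrustedPlistError("top object index out of range")
    return num_objects


def safe_load_bplist(data: bytes):
    """Parse with plistlib, but only through the two guards above."""
    check_trailer(data)
    try:
        return plistlib.load(BoundedReader(data), fmt=plistlib.FMT_BINARY)
    except plistlib.InvalidFileException as exc:
        raise UntrustedPlistError(f"plistlib rejected the file: {exc}") from exc


def make_bplist(claimed_objects: int = 1, claimed_strlen=None) -> bytes:
    """Constructed sample: a binary plist whose only object is the ASCII string "ok".

    claimed_objects overrides the trailer's object count; claimed_strlen
    replaces the string's inline length with an 8-byte length field carrying
    that value. Either turns the same small, valid layout into a hostile file.
    """
    header = b"bplist00"
    if claimed_strlen is None:
        obj = bytes([0x50 | 2]) + b"ok"            # ASCII string, length 2 inline
    else:
        # 0x5F: ASCII string with explicit length; 0x13: an 8-byte int follows.
        obj = bytes([0x5F, 0x13]) + struct.pack(">Q", claimed_strlen) + b"ok"
    offset_table = bytes([len(header)])            # one 1-byte entry: object at 8
    table_offset = len(header) + len(obj)
    trailer = struct.pack(">6xBBQQQ", 1, 1, claimed_objects, 0, table_offset)
    return header + obj + offset_table + trailer
```

The two hostile variants fail at different guards: an inflated object count is caught by check_trailer before plistlib runs, while an inflated per-object length passes the trailer check and is stopped by BoundedReader at the moment plistlib asks for the bytes. Both checks are cheap and are worth keeping even on a patched interpreter, since they also reject files that are merely truncated.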
Malicious Package
Overview kwp-router is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Devolutions Server SQL Injection Vulnerability
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...
ROS-20251203-05
A vulnerability in the Java library for handling Apache Commons Configuration files is related to the fact that the application does not properly control internal resource consumption when loading a specially crafted configuration file. Exploitation of the vulnerabili...
Devolutions Server < 2025.2.21 / 2025.3.x < 2025.3.9 Multiple Vulnerabilities (DEVO-2025-0018)
The version of Devolutions Server installed on the remote host is prior to 2025.2.21, or 2025.3.x prior to 2025.3.8, and is, therefore, affected by multiple vulnerabilities: - SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through...
FreeBSD : MongoDB Server -- Improper Certificate Validation (d2f2c691-cd42-11f0-85d4-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the d2f2c691-cd42-11f0-85d4-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake...
CVE-2025-66458 Lookyloo has multiple XSS due to unsafe use of f-strings in Markup
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...
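The mechanism named in that advisory, shown as an added example that is not Lookyloo's code: an f-string interpolates untrusted values before the result is wrapped as safe markup, so nothing is escaped, whereas passing the values through the markup object's format() escapes them. The SafeHtml class below is an assumed, simplified stand-in for markupsafe.Markup (kept to the standard library so the block runs anywhere), and the JSON response is constructed to resemble what a malicious third-party server could return.

```python
import html
import json

# Added example, not Lookyloo's code. SafeHtml is an assumed stand-in for
# markupsafe.Markup: constructing it declares the string already-safe HTML,
# and only .format() escapes the values it interpolates.


class SafeHtml(str):
    def format(self, *args, **kwargs):
        esc_args = tuple(html.escape(str(a), quote=True) for a in args)
        esc_kwargs = {k: html.escape(str(v), quote=True) for k, v in kwargs.items()}
        return SafeHtml(str.format(self, *esc_args, **esc_kwargs))


# Constructed sample: a JSON document a hostile third-party server might serve.
THIRD_PARTY_RESPONSE = json.dumps({
    "domain": "<img src=x onerror=\"alert(document.cookie)\">",
    "category": "phishing\" onmouseover=\"alert(1)",
})


def render_unsafe(payload: str) -> SafeHtml:
    """Vulnerable pattern: values are interpolated by the f-string first, then
    the finished string is declared safe, so no escaping ever happens."""
    info = json.loads(payload)
    return SafeHtml(f'<tr><td>{info["domain"]}</td>'
                    f'<td class="{info["category"]}">{info["category"]}</td></tr>')


def render_safe(payload: str) -> SafeHtml:
    """Fixed pattern: the template literal is the only thing declared safe;
    untrusted values go through format(), which escapes them."""
    info = json.loads(payload)
    return SafeHtml('<tr><td>{}</td><td class="{}">{}</td></tr>').format(
        info["domain"], info["category"], info["category"])
```

The same split applies to Jinja's Markup, to Django's mark_safe and to any other "trust me" wrapper: build the wrapper from a literal, never from a string that already contains interpolated data.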
Malicious Package
Overview eslint-plugin-unicorn-ts-2 is a malicious package. This package uses typosquatting techniques, which are intended to trick users into downloading and installing the malicious package instead of the intended legitimate one. The malicious payload attempts to exfiltrate sensitive data from...