8007 matches found
MAL-2025-8439 Malicious code in @local-unit/ui-kit (npm)
The package @local-unit/ui-kit was found to contain malicious code...
MAL-2025-39386 Malicious code in wms-web-ui (npm)
The package wms-web-ui was found to contain malicious code...
MAL-2025-21903 Malicious code in graviton-semantic-ui-eigenstate-photon (npm)
The package graviton-semantic-ui-eigenstate-photon was found to contain malicious code...
MAL-2025-8435 Malicious code in @lineman/ui (npm)
The package @lineman/ui was found to contain malicious code...
MAL-2025-37358 Malicious code in twentyoverten-ui-library (npm)
The package twentyoverten-ui-library was found to contain malicious code...
CVE-2025-49755
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-49736
The UI performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-20306
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...
CVE-2025-20265 Cisco Secure Firewall Management Center Software Radius Remote Code Execution Vulnerability
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input...
Malicious Package
Overview: soonje22 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...
Malicious Package
Overview: njongtozon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview: nblogduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...
Malicious Package
Overview: deltago4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for socia...
Malicious Package
Overview: deltago is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview: duoboardcrawling is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools f...
Malicious Package
Overview: backlinkzon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR Exploit Advanced WinRAR Path Traver...
CVE-2025-27845
CVE-2025-27845 affects ESPEC North America Web Controller, versions prior to 3.3.4. An invalid authentication request to /api/v4/auth/ exposes the JWT secret, permitting elevated permissions to the UI. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation: upgrade to 3.3.4 or later (per PT-2025-...