CVE-2025-48628
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-40334 drm/amdgpu: validate userq buffer virtual address and size
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is resident in a valid vm mapping...
CVE-2025-40335
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help with validating the userq input args and rejecting invalid userq requests at the IOCTLs in the first place...
EUVD-2025-201741
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Inside Hive Pro: A Complete Platform Review
Knowing you have a vulnerability is one thing; knowing if you’re truly exposed is another. A critical vulnerability might exist on a server, but can an attacker actually reach it? Will your firewall block the attempt? Will your EDR detect the payload? Traditional vulnerability management can't...
Malicious code in session-validate (npm)
Source: amazon-inspector 91001b31023cb6f1a30d084b1c484e703936c4378ac7b76fc85dd023771cd8d2 The package session-validate was found to contain malicious code...
MAL-2025-191586 Malicious code in session-validate (npm)
Source: amazon-inspector 91001b31023cb6f1a30d084b1c484e703936c4378ac7b76fc85dd023771cd8d2 The package session-validate was found to contain malicious code...
Malicious code in cookie-validate (npm)
Source: amazon-inspector 759ee3039b2e22e1b76401c70ec7d3a1954d903ec6aa70da0a3721d65c1d3937 The package cookie-validate was found to contain malicious code...
MAL-2025-191569 Malicious code in cookie-validate (npm)
Source: amazon-inspector 759ee3039b2e22e1b76401c70ec7d3a1954d903ec6aa70da0a3721d65c1d3937 The package cookie-validate was found to contain malicious code...
ASB-A-376462130
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Malicious Package
Overview cookie-validate is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...
kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...
Malicious Package
Overview @validate-pubkey/hex is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in @validate-pubkey/hex (npm)
Source: amazon-inspector 05db2afe6b0d7557f2c2153dd15df68ab69667e8402bf92f2b2e2d900eb5728f The package @validate-pubkey/hex was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198623
Malicious code in @validate-pubkey/hex npm...
MAL-2025-190634 Malicious code in @validate-pubkey/hex (npm)
Source: amazon-inspector 05db2afe6b0d7557f2c2153dd15df68ab69667e8402bf92f2b2e2d900eb5728f The package @validate-pubkey/hex was found to contain malicious code. Source: ghsa-malware...
Exploit for Missing Authentication for Critical Function in Langflow
CVE-2025-3248: Langflow Unauthenticated RCE Vulnerability Scan...
CVE-2025-12528
CVE-2025-12528 concerns the Pie Forms for WP WordPress plugin (versions <= 1.6). The issue is an Arbitrary File Upload due to insufficient file-type validation: validate_classic checks extensions but does not stop the upload, enabling unauthenticated attackers to upload dangerous extensions (e...
CVE-2025-60694
A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...
EUVD-2025-175327
A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...