1279 matches found
Malicious code in vee-validate-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63ace977c863bcb637c683acad480db2f66f9fba7f0c318b7adaed074fbe08db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4033 Malicious code in vee-validate-latest (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 63ace977c863bcb637c683acad480db2f66f9fba7f0c318b7adaed074fbe08db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-21246 · Oa System · Oa System
Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at the "/inform/InformManageController.java...
CVE-2025-40621
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...
CVE-2025-40620
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...
mrdoc security vulnerability
mrdoc is a Python-based online documentation system by the individual developer zmister2016. A security vulnerability exists in mrdoc 0.9.5 and earlier versions, which stems from the validateurl function leading to server-side request forgery...
Configuration Change Detected (Low)
The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...
accel/qaic: Fix integer overflow in qaic_validate_req()
...
CLSA-2025-1745586793 cups-filters: Fix of CVE-2024-47076
CVE-2024-47076: cfGetPrinterAttributes5 Validate response attributes before return...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the validateUpdateTaskActions function used by the UpdateRunTaskActions GraphQL operation. Due to the lack of limitation on task action uniqueness and quantity, a user can cause an...
UBUNTU-CVE-2025-22114
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't clobber ret in btrfs_validate_super() Commit 2a9bb78cfd36 "btrfs: validate system chunk array at btrfs_validate_super()" introduces a call to validate_sys_chunk_array() in btrfs_validate_super(), which clobbers the value of ret set...
CVE-2025-22118
In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. Ensure end_qid does not overflow by validating start_qid and num_queues...
CVE-2025-22114 btrfs: don't clobber ret in btrfs_validate_super()
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't clobber ret in btrfs_validate_super() Commit 2a9bb78cfd36 "btrfs: validate system chunk array at btrfs_validate_super()" introduces a call to validate_sys_chunk_array() in btrfs_validate_super(), which clobbers the value of ret set...
Langflow Code Injection
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect overwrite of the ret value in the btrfs_validate_super function, which could result in an invalid...
VulnCheck KEV: CVE-2025-3248
Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
PYSEC-2025-36
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...
Missing Authentication for Critical Function
Overview langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Missing Authentication for Critical Function at the /api/v1/validate/code endpoint, which allows an attacker to execute arbitrary code by sending malicious HTTP requests...
CVE-2025-2075
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role and user_role functions missing proper capability checks performed through the...