FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency CISA has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance ASA software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K....

SUSE-SU-2026:20904-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5: - CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates bsc1258542 - CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2026:0777-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0777-1 advisory. Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065:...

SUSE-SU-2026:0777-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...

GHSA-86RF-68F4-2CPH Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2464-8j7c-4cjm. This link is maintained to preserve external references. Original Description A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using...

AZL-75389 CVE-2025-11065 affecting package cert-manager 1.12.15-4

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

AZL-75416 CVE-2025-11065 affecting package docker-compose 2.27.0-6

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

AZL-75458 CVE-2025-11065 affecting package cri-o for versions less than 1.22.3-20

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

AZL-75428 CVE-2025-11065 affecting package influxdb 2.7.5-10

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

AZL-75419 CVE-2025-11065 affecting package gh 2.62.0-10

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

AZL-75573 CVE-2025-11065 affecting package skopeo for versions less than 1.14.2-14

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

AZL-75402 CVE-2025-11065 affecting package podman 5.6.1-7

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

CVE-2025-11065 Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

mapstructure security vulnerability

MapStructure is a Go language library developed by Viper. There is a security vulnerability in MapStructure. This vulnerability arises from the use of MapStructure.WeakDecode; errors during this process may lead to sensitive input values being leaked, potentially causing information leaks...

OPENSUSE-SU-2025:20143-1 Security update for git-bug

This update for git-bug fixes the following issues: Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 CVE-2025-47913, bsc1253506 upgrade golang.org/x/crypto to v0.43.0 - GO-2025-3900 GHSA-2464-8j7c-4cjm upgrade github.com/go-viper/mapstructure/v2 to...

EUVD-2025-117120

Malicious code in rich-ivory-viper npm...

EUVD-2025-100717

Malicious code in vividviperz3n npm...

EUVD-2025-100757

Malicious code in chillyviperz3n npm...

Malicious code in vivid_viper_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63d40c5e52ebf06af24f18897761a7b616b6aac6a1c7e1a2daec8e9f0a8022bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in shivering_viper_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d03e3ac6ee999d2a2f4d22a3a61838f8286e10deb70b85f22272d694dd1cf48 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...