Malicious code in index-ulid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5acad250c58c9c27804a14b640d17438998fbaabd43b77c69008c7180014f361 index-ulid impersonates the legitimate ulid/ulidx ULID generator reuses ulid's description and links its homepage to github.com/ulid/javascript but i...

CVE-2025-7003 Avira antivirus engine heap buffer OOB read when scanning a malformed PDF file (variant 1)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56...

PT-2026-49046

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.104 Description A heap buffer out-of-bounds write occurs due to an integer overflow in the antivirus engine when scanning a malformed MS-DOS executable file. This can lead to local execution of code or ...

MAL-2026-4865 Malicious code in @car-loans/close-flow-module (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

Stable Channel Update for Desktop

The Stable channel has been updated to 148.0.7778.167/168 for Windows/Mac and 148.0.7778.167 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.164/165 for Windows/Mac and 146.0.7680.164 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.80 for Windows/Mac and 146.0.7680.80 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept restricted...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Updated 2026-03-13: The previous version of these notes...

CVE-2026-30796 RustDesk Client Transmits Preset Address Book Password Verbatim in Heartbeat Sync

Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Address book sync, Heartbeat sync loop modules allows Sniffing Attacks. The client places the preset...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 145 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 145.0.7632.45 Linux 145.0.7632.45/46 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...

Stable Channel Update for Desktop

The Stable channel has been updated to 143.0.7499.146/.147 for Windows/Mac and 143.0.7499.146 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. 2025-12-12: Updated to include more details for bug number 466192044 Security Fixe...

CVE-2025-12385 Improper validation of <img> tag size in Text component parser

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 141 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 141.0.7390.54 Linux 141.0.7390.54/55 Windows and Mac contains a number of fixes and improvements -- a list of changes is...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 137 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 137.0.7151.55 Linux 137.0.7151.55/56 Windows and Mac contains a number of fixes and improvements -- a list of changes is...

Stable Channel Update for Desktop

The Stable channel has been updated to 133.0.6943.141/.142 for Windows, Mac and 133.0.6943.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. 2025-11-20: Updated to correct the security bugs included in the release Security...

Stable Channel Update for Desktop

The Stable and extended stable channel has been updated to 112.0.5615.121 for Windows Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. M112 Stable Update for Desktop - v112.0.5615.121 Security Fixes and Rewards Note: Acces...

CVE-2023-1656

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...

SUSE CVE-2012-0773

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to...

SUSE CVE-2013-0643

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted...