
2698 matches found

OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-148256 Malicious code in standard-markdown-pdf-lyra-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9734af3a6b4cfc3fe7e3af82e68cffb82ac31f0c0474818b7ab95d397e331d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-148371 Malicious code in superagent-atlas-thuban-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e878b4e6fd11733f8146f15b3f2adb704edf92f18598b0e9acf12cafcb3a9c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-140809 Malicious code in cli-rimraf-callback-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 507b5deb9e378a4729ae079af92904564d22a267bae8b21fe5e7db7342c1e2cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-143204 Malicious code in heka-exec-terser-webpack-plugin-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 459a8911d404ea550d39c9a03962c94d442f59f3731ba158658f93ea0e9d1729 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 2 views

MAL-2025-148161 Malicious code in spica-eris-spica-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b8fc462d3d14f04b10e59cf89cab9fe1da14d121a76001f960b85f460b21562 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 1 view

MAL-2025-140990 Malicious code in commitlint-jovian-exec-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2a83712f940d043472046dfe7c051ea32c09b485d15a401d1e980e1167464e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

Tenable Nessus
added 2025/11/12 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and deregistered through the GuC, a...

AI score: 5.8, EPSS: 0.00161
Exploits: 0, References: 3

Positive Technologies
added 2025/11/11 12:0 a.m., 2 views

PT-2025-46529

Name of the Vulnerable Software and Affected Versions Lite XL versions 2.1.8 and prior Description Lite XL is a lightweight, cross-platform text editor written in Lua and C, designed for extensibility via plugins and project-specific modules. The application executes project-level Lua modules and...

CVSS: 7.3, AI score: 7.4, EPSS: 0.00328
Exploits: 1, References: 14

OSV
added 2025/11/07 9:15 p.m., 3 views

CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVSS: 7.8, AI score: 4.9
Exploits: 0, References: 8

OSV
added 2025/11/07 9:15 p.m., 3 views

UBUNTU-CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVSS: 7.8, AI score: 5.6, EPSS: 0.0014
Exploits: 0, References: 9

Debian CVE
added 2025/11/07 8:32 p.m., 4 views

CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVSS: 7.8, AI score: 5.1, EPSS: 0.0014
Exploits: 0

CNNVD
added 2025/11/07 12:0 a.m., 5 views

mruby Buffer Error Vulnerability

mruby is a lightweight implementation of the Ruby language open-sourced by makesoftwaresafe. A buffer error vulnerability exists in mruby version 3.4.0, which stems from incorrect manipulation of the start/length parameters of the function aryfillexec in the file...

CVSS: 7.8, AI score: 5.3, EPSS: 0.0014
Exploits: 0, References: 9

Tenable Nessus
added 2025/11/06 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990489 advisory. In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via...

CVSS: 8.4, AI score: 6.6, EPSS: 0.00242
Exploits: 1, References: 3

Tenable Nessus
added 2025/11/06 12:0 a.m., 7 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990553 advisory. In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting [1] Ariadne Conill: In several other...

CVSS: 7.8, AI score: 6.6, EPSS: 0.94921
Exploits: 151, References: 4

OSSF Malicious Packages
added 2025/11/05 1:32 a.m., 3 views

Malicious code in jito-prop-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2a17a99c383a4fa9a1c8e550e6f511297b7600b954644d178923e8073d3a9c5 The package jito-prop-exec was found to contain malicious code. Source: ghsa-malware 5a0c01062e391db56237859b73d9b8bbc69c940292f96aed7a72b1f2f7dd7d09...

AI score: 6.9
Exploits: 0, References: 1

EUVD
added 2025/11/05 1:32 a.m., 2 views

EUVD-2025-37870

Malicious code in jito-prop-exec npm...

AI score: 6.6
Exploits: 0, References: 1

Snyk
added 2025/11/05 1:32 a.m., 1 view

Malicious Package

Overview jito-prop-exec is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 2

OSV
added 2025/11/05 1:32 a.m., 2 views

MAL-2025-49359 Malicious code in jito-prop-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2a17a99c383a4fa9a1c8e550e6f511297b7600b954644d178923e8073d3a9c5 The package jito-prop-exec was found to contain malicious code. Source: ghsa-malware 5a0c01062e391db56237859b73d9b8bbc69c940292f96aed7a72b1f2f7dd7d09...

AI score: 6.9
Exploits: 0, References: 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990367)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990367 advisory. In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via...

CVSS: 8.4, AI score: 6.6, EPSS: 0.00242
Exploits: 1, References: 3

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990131)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990131 advisory. In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via...

CVSS: 8.4, AI score: 6.6, EPSS: 0.00242
Exploits: 1, References: 3