Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990769)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990769 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: clear outcurr if all frag chunks of current msg are pruned A crash was reported by Zhen Che...

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2025-316-01)

The version of mozilla-thunderbird installed on the remote host is prior to 140.5.0esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-316-01 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.5.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

MAL-2025-132656 Malicious code in current_toad_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d54b5b2c772e76f6f43277f88ed5d636ccc212b46187e249b2ed7c6830d3e568 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-61838

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-61819

Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-61832 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Malicious code in current_felidae_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf6a07061d46208851fa5084da3f780d8578a7b0a97f7df7d5b0ca5591eacbdf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-92630

Malicious code in currentfelidaez3n npm...

EUVD-2025-92628

Malicious code in currentherringz3n npm...

Malicious code in current_crow_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3932af8b701605c0ad8f077d14427d801e82189da7f5f96f1db3311d89500362 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-79481

Malicious code in currentcrowz3n npm...

EUVD-2025-82302

Malicious code in currenttermitereplicateautomation npm...

Malicious code in current_gazelle_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cb0e412adc58ae45c63e1b1717954e8e2be72ef467032f4e362084e3d5f23f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-64666

Malicious code in currentapez3n npm...

EUVD-2025-64663

Malicious code in currentpantherz3n npm...

MAL-2025-84312 Malicious code in current_tyrannosaurus_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ff019357eab64d9e25b63d8161211f7dbac0aaee41b519da1dfc431cf48d24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-12658

The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...

MAL-2025-67591 Malicious code in current-lime-owl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 105535008099d234fc5a7a2e4aba4de479b82d6f6c0f03e0767b8b8f9dce6ce7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-55058

Malicious code in current-lime-owl npm...