CVE-2026-46210 media: iris: fix use-after-free of fmt_src during MBPF check

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmtsrc during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst-lock while the core-lock protects the list of active instances. T...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsgqueue to NULL after removal. Currently, this does not cause any issues, but I believe it is necessary to set bsgqueue to NULL after removing it to prevent potential use-after-free UAF accesses...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the channel search API endpoint. An attacker can access information about all public channels within a private team by querying the API after being removed from the team. Remediation Upgrade...

Malicious code in rxjs-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a82756fe99cd57d9fc69d12a33d81146a6d0c78b3afa5926fa2531e1b3ced4eb The package rxjs-js was found to contain malicious code. Source: ghsa-malware b3538568871fe17ed55bb2e7a707cf1ca517f047348a754b2be9ec8798ab2997 Any...

Malicious code in piclite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d776815ebc9f644d4e180897c8faecdb8179b86900d868934148989047d6ef55 The package piclite was found to contain malicious code. Source: ghsa-malware 298d5c66cb85081f480bec9e5c38bc7c2d419d609714be7346d3bafb0b2525eb Any...

MAL-2025-190562 Malicious code in node-calculator-3e62 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1703fc5c6d064d50b797ea676b0a02186a5cce75afc97191661b8aaa82624543 The package node-calculator-3e62 was found to contain malicious code. Source: ghsa-malware...

Malicious code in wm-tests-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 121558d6ec677ddacd0f0a5568a855ebf1afa527ad4e25ad97ab770b89ba16fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in redirect-ltlpoj (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60e036fe612d489b34542b0ed229362f48d70c93f15f0854358ca3370e220afc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-30825

Malicious code in bioql PyPI...

Malicious code in volehai-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 695b1f1647ff88855017c178d47ab04527b14c3817e9b4ed343c1220cc7b18df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in novacredit-global2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e08d91b667c736598ff5998d53a62bc833b8a740b0cd678a4ff9b2a33c99866a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur...

scsi: ufs: bsg: Set bsg_queue to NULL after removal

...

SUSE CVE-2025-21928

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtphidremove...

Malicious code in internallib_v72 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfd62ceee47f0cd86d2f4187fac0af99eb626f31eecad5929dcd0d7797ec95ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in architecture-viewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4282b66b0052ca80f8717181dbf7b0b94e88433b9e37f9ae718531960f9ddcbd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in realityspiral (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 750c382ff53ef751feeedfaf955cf5b12ff8fd6f91a1087c0616eddbab203913 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in paypal-standard-integration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45bb803ebb8e266ab790d8a7ab7ad62d31675c7ed376f7a50bb88c0110816fb5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bookingcom-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f32c3da478ba3712d3de331495d003e14f2fd28a94f708a94c9ed9881f50dc06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in snapon-imageviewer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd4a5a0a56385d0de40f97cd52e3f9c9d0063056b50c2c1fc9a6d5c21bbe621a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...