MAL-2025-80560 Malicious code in parliamentary_penguin_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecbc6fc3392d4bf45e212e5c4082be0182dcb8132bb52659aabb3e4111a5bf19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in andi-kue72-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e7dde66d836f2f9d31c940dc0a41b6375e2da2100d56e7eb404b478fd7eeab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

SUSE CVE-2025-40109

In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg provides it...

Malicious code in nadia-soto97-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cbd9191826777528d87bde9ce0ab426c101fb99ec0fa61e90e40e3042afe29d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-65181 Malicious code in rudi-keraktelor77-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82b14b695a821777a820ec90f8fd71b9f6c4a0cc7447ca85bcb43d1908030627 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-60032 Malicious code in blushing_boar_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0900041636c4e012ef3e1b3839d1dc5f606808b3c56be1eee46d9ca21692658 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dono-empal50-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a763ad2cbe1b63e17d032d063618475013e4da0e8b8c456aea0737df9f53c809 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in running_chinchilla_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1d7c0b35b1f0837848c6e678a268457559339da319a00ff8feada60abc13329 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-40109

In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg provides it...

crypto: rng - Ensure set_ent is always present

...

CVE-2025-41731 Jumo: Insufficient entropy in PRNG may lead to root access

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

CVE-2025-41731 Jumo: Insufficient entropy in PRNG may lead to root access

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

Malicious code in patria-telurtahu19-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b6ec325245bc1f23a1878190086058fda001c7d3a7d52addaaab253503271b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-50073 Malicious code in cici-serabi69-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee286f143d8883a3d8571a8e3b278c0446c611225046ef03c5614ab938ffc64c The package cici-serabi69-sukiwir was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

MAL-2025-50776 Malicious code in agus-rendang26-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd8fdcc93fccb16ae3d6733028353ccfd51f2fca7396d4a10b412ca3e860a967 The package agus-rendang26-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flood...

Rocket Chip Generator 安全漏洞

Rocket Chip Generator is an open source Sysem-on-Chip design generator from CHIPS Alliance Open Source. A security vulnerability exists in Rocket Chip Generator v1.6 and earlier versions, which stems from a failure of the SRET instruction to properly convert processor privilege levels, which coul...

PT-2025-45604

Name of the Vulnerable Software and Affected Versions Jumo variTRON300 affected versions not specified Description A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...

Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

bind security update

9.16.23-31.0.1 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-31.2 - Replace downstream fixes with upstream changes 32:9.16.23-31.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778...

ALSA-2025:19950 Important: bind9.18 security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...