7481 matches found
com.47deg:freestyle-http-http4s_2.11 (=0.1.0), com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0) +173 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=0.9.1 <=2.1.0)
co.fs2:fs2-io_2.11 MAVEN version =0.9.1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =0.12.7, =0.12.7, =0.12.7, =0.14.1, =0.12.7, =1.1.0, =1.2.1 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-13180115...
co.fs2:fs2-protocols_2.12 (>=3.10-4b5f50b <=3.12.0-RC2), com.47deg:github4s_2.12 (>=0.29.0 <=0.29.1) +435 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=3.0.0 <=3.12.0)
co.fs2:fs2-io_2.12 MAVEN version =3.0.0, =3.10-4b5f50b, =0.29.0, =1.0.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898,...
com.avast:sst-app-monix_3 (>=0.17.0 <=0.19.3), com.avast:sst-app-zio_3 (>=0.17.0 <=0.19.3) +70 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_3 (>=2.5.10 <=2.5.12)
co.fs2:fs2-io_3 MAVEN version =2.5.10, =0.17.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.19.3 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-12669993...
ba.sake:hepek-http4s_3 (>=0.31.0 <=0.34.0), ch.linkyard.mcp:jsonrpc2-stdio_3 (>=0.1.0 <=0.3.2) +661 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_3 (>=3.0-117-375521f <=3.12.0)
co.fs2:fs2-io_3 MAVEN version =3.0-117-375521f, =0.31.0, =0.1.0, =0.2.0, =0.1.0, =3.10-4b5f50b, =0.29.0, =0.2.1, =1.0.0, =0.1.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory:...
ch.j3t:zio-prefetcher_2.12 (>=0.3.0 <=0.7.0), com.47deg:embedded-cassandra-core_2.12 (=0.0.7) +592 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=0.9.2 <=2.5.12)
co.fs2:fs2-io_2.12 MAVEN version =0.9.2, =0.3.0, =0.22.0, =0.0.1, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =0.6.1, =0.6.1, =0.18.1, =0.18.5 - com.avast:datadog4s-http4s_2.12 =0.6.0 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...
MAL-2025-46257 Malicious code in test-kiota-typescript-libraries (npm)
The package test-kiota-typescript-libraries was found to contain malicious code.
[SECURITY] Fedora 41 Update: udisks2-2.10.2-1.fc41
The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies...
CVE-2025-41050
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...
Memory exhaustion in multipart form parsing in net/textproto and net/http
...
Revisiting Third-Party Library Detection: a Ground Truth Dataset and Its Implications across Security Tasks
Accurate detection of third-party libraries (TPLs) is fundamental to Android security, supporting vulnerability tracking, malware detection, and supply chain auditing. Despite many proposed tools, their real-world effectiveness remains unclear. We present the first large-scale empirical study of ten...
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
...
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute...
agentengine (>=0.1.5 <=0.1.8), deepmost (=0.5.2) +11 more potentially affected by CVE-2025-9959 via smolagents (>=1.12.0 <=1.19.0)
smolagents PYPI version =1.12.0, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.16.0, =0.0.1.dev0, =0.0.1, =0.3.0, =0.3.7 Source cves: CVE-2025-9959 Source advisory: SNYK:PYTHON-SMOLAGENTS-12549208...
Linux Distros Unpatched Vulnerability : CVE-2022-2986
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. CVE-2022-2986 Note that Nessus relies on the presence...
[SECURITY] Fedora 42 Update: udisks2-2.10.91-1.fc42
The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies...
CVE-2025-58322
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks...
MAL-2025-41457 Malicious code in @sfdc-www-emu/clientlibs-web-components (npm)
Linux Distros Unpatched Vulnerability : CVE-2020-28590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A...