MAL-2025-15993 Malicious code in borealis-stratosphere-prosthetics-ariel (npm)

The package borealis-stratosphere-prosthetics-ariel was found to contain malicious code...

MAL-2025-12594 Malicious code in @zalastax/nolb-node-a (npm)

The package @zalastax/nolb-node-a was found to contain malicious code...

MAL-2025-24708 Malicious code in knowsql (npm)

The package knowsql was found to contain malicious code...

MAL-2025-11350 Malicious code in @zalastax/nolb-eslj (npm)

The package @zalastax/nolb-eslj was found to contain malicious code...

MAL-2025-20281 Malicious code in fbxloader (npm)

The package fbxloader was found to contain malicious code...

MAL-2025-26354 Malicious code in mike-tangerine-toic (npm)

The package mike-tangerine-toic was found to contain malicious code...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

BELL-CVE-2025-53859

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2021-29972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediat...

CVE-2025-43186

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6, macOS Ventura 13.7.7. Parsing a file may lead to an unexpected app termination...

BELL-CVE-2025-38423

Bulletin has no description...

BELL-CVE-2025-38413

Bulletin has no description...

BELL-CVE-2025-38402

Bulletin has no description...

BELL-CVE-2025-38374

Bulletin has no description...

BELL-CVE-2025-38355

Bulletin has no description...

UBUNTU-CVE-2025-48965

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtlsasn1storenameddata can trigger conflicting data with val.p of NULL but val.len greater than zero...

BELL-CVE-2025-38317

Bulletin has no description...

ALPINE-CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

BELL-CVE-2025-38141

Bulletin has no description...

PT-2025-26784 · Risc Zero +1 · Risc Zero +1

Name of the Vulnerable Software and Affected Versions: RISC Zero versions prior to 2.1.1 and 2.2.0 Description: The issue concerns the Steel.validateCommitment Solidity library function, which returns true for a crafted commitment with a digest value of zero. This violates the function's semantic...