11899 matches found
MAL-2025-191431 Malicious code in sufetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8efd418803202b34256057a848e0e9fbd6ad735dd0a011b4e7ca9cd46d088b39 The package sufetch was found to contain malicious code. Source: ghsa-malware 96568dd37a7486f46399a553eecede4295c1c52321560fb15faaa4525e898642 Any...
MAL-2025-191030 Malicious code in @lessondesk/material-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 124d8e4d2ba731e6a005fd1c68c60af6629b037c8c121d0468394110d2f98103 The package @lessondesk/material-icons was found to contain malicious code. Source: ghsa-malware...
Malicious code in @lessondesk/eslint-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef9fcb377fe99dad0e34ec63a5ac929adfc5d8be48e49d330d4785e1d2a6a7f The package @lessondesk/eslint-config was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191135 Malicious code in normal-store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f3cc821206cbfa969e8f4e3472a09caf43736b8e70d4ec80ed20931b64406b8 The package normal-store was found to contain malicious code. Source: ghsa-malware 1e1d6a2537e74912ec3831bf85e49e8ba908fc28838ec60c07f7218717ba36ae A...
MAL-2025-191124 Malicious code in lint-staged-imagemin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8cfbe33b97d4e3997d348c9532c834715e755ea1d28a6b30f2276209d4f45db The package lint-staged-imagemin was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191126 Malicious code in luno-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2620f6e7e546cf45578383002edf88f0d14cfff7c3b3fbdadff49d591e9a67d The package luno-api was found to contain malicious code. Source: ghsa-malware b14565c7974772eb7c5d608e000f39017115adb0304131b6d1b03f7402fa9d1f Any...
MAL-2025-190970 Malicious code in ito-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9cf5ba13f206c5d1d757c2cf05286ee560131e1fcb7075df3f36ebb148077f3 The package ito-button was found to contain malicious code. Source: ghsa-malware 03f8f135ee783bb27854daa06728ae760fbffe751ad120740d501a29f4b1a68a Any...
MAL-2025-191016 Malicious code in svelte-autocomplete-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9659f91ce1f699661cdedee2d6691f0a4a515b4941511290b0082e5b662a91ea The package svelte-autocomplete-select was found to contain malicious code. Source: ghsa-malware...
Malicious code in @actbase/react-native-less-transformer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06f669b015d3df7c500b192e927f2890c45ad45dafa608100da2146dca598efa The package @actbase/react-native-less-transformer was found to contain malicious code. Source: ghsa-malware...
Malicious code in eslint-config-zeallat-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28fe7c28614bd60fe323d92db35df502ed3c1c9076a708815031e1a78311c6e The package eslint-config-zeallat-base was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190764 Malicious code in atrix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8da24292f4db1ed3effb33c2c59b8af736f288754619eb8904e12b77cab37dc The package atrix was found to contain malicious code. Source: ghsa-malware 892133ca29450416a2608e73a523b5113e423356a6f8c0098602e7c5173b5121 Any...
Malicious code in @asyncapi/cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b13eec1644f2d38922b7e61732a64ae6ee0d71810232ff15c95a3290de465d The package @asyncapi/cli was found to contain malicious code. Source: ghsa-malware 99e5bdb2a7d429f7e01403c432963826b244c3bed02a5a877ace1307b5fee3ad...
MAL-2025-190641 Malicious code in @asyncapi/protobuf-schema-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 927e5dcfc89c461512068769c97bb06898751cd42cd15f50d97c4760c658269b The package @asyncapi/protobuf-schema-parser was found to contain malicious code. Source: ghsa-malware...
Think Fast: Real-Time IoT Intrusion Reasoning Using IDS and LLMs at the Edge Gateway
As the number of connected IoT devices continues to grow, securing these systems against cyber threats remains a major challenge, especially in environments with limited computational and energy resources. This paper presents an edge-centric Intrusion Detection System IDS framework that integrate...
Ubuntu 16.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-7875-1)
"The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7875-1 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation betwe...
PYSEC-2025-138
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...
CVE-2025-62609
MLX (on Apple silicon) prior to version 0.29.4 is affected by a wild pointer dereference in mlx::core::load_gguf() when loading malicious GGUF files, dereferencing an untrusted pointer from gguflib without validation and causing a crash. The issue stems from loading external GGUF data and manifes...
Libvirt: information disclosure via world-readable vm snapshots
...
MLX 安全漏洞
MLX is a machine learning framework open-sourced by ml-explore. A security vulnerability exists in MLX versions prior to 0.29.4 that stems from a heap buffer overflow when parsing a malicious NumPy file, which could lead to a crash or information disclosure...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...