29 matches found

OSSF Malicious Packages
added 2026/05/09 5:9 p.m., 7 views

Malicious code in python-bittensor-config-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f2ecdbc9e024d6dc51c8e5d48941c5aac432db65ad733317aed159d480973cd During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2026/04/16 12:44 a.m., 5 views

MAL-2026-2911 Malicious code in terminal-formatter (npm)

terminal-formatter is a malicious npm package that, when installed (postinstall hook) or imported, sends local env variables, files and bash history to https://ghostraper.top and registers a new SSH key in .ssh/authorized_keys. --- -= Per source details. Do not edit below this line.=- Source:...

5.7 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/16 12:0 a.m., 3 views

Malicious code in transform-inline-consecutive-adds (npm)

The package 'transform-inline-consecutive-adds' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5 AI score
Exploits: 0, References: 3
OSV
added 2026/03/16 12:0 a.m., 1 views

MAL-2026-1568 Malicious code in transform-inline-consecutive-adds (npm)

The package 'transform-inline-consecutive-adds' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6 AI score
Exploits: 0, References: 3
Cvelist
added 2026/03/10 9:25 p.m., 24 views

CVE-2026-31821 Sylius is Missing Authorization in API v2 Add Item Endpoint

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

6.9 CVSS, 0.00112 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/11/11 8:46 p.m., 3 views

Malicious code in dewanto-klentik7-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eff91d00571803d968387057f3ec27ff52e3ded83c7f024bc2559da76edaf8c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/08/15 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-37997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4...

5.5 CVSS, 6.2 AI score, 0.00081 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2025/08/08 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-35813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 mmc: core: Use mrq.sbc...

5.5 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/07 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-49761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: always report error in run_one_delayed_ref Currently we have a btrfs_debug for run_one_delayed_ref failure, but if end users hit such problem, there will be no...

7.8 CVSS, 6.6 AI score, 0.00021 EPSS
Exploits: 0, References: 2
OSV
added 2025/06/20 8:15 p.m., 1 views

CVE-2025-6361

A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 5
SUSE CVE
added 2024/11/20 3:48 a.m., 2 views

SUSE CVE-2024-53088

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multip...

6.3 CVSS, 7.6 AI score, 0.00015 EPSS
Exploits: 0, References: 20
Vulnrichment
added 2024/11/17 10:17 a.m., 9 views

CVE-2020-25720 Samba: check attribute access rights for ldap adds of computers

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator...

7.5 CVSS, 7 AI score, 0.00206 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/11/05 12:0 a.m., 2 views

Heimdall Security Vulnerability

Heimdall is an open source application panel and launcher for LinuxServer.io. A security vulnerability exists in Heimdall version v.2.6.1, which originates from a remote attacker who can execute arbitrary code via a specially crafted script that adds a new application...

9.8 CVSS, 7.7 AI score, 0.386 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2024/08/11 12:0 a.m., 2 views

PT-2024-38507 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A problematic issue has been found in the file adds.php, where the manipulation of the argument name, dob, email, mobile, or address leads to cross-site...

5.4 CVSS, 4.3 AI score, 0.00174 EPSS
Exploits: 1, References: 10
CNNVD
added 2024/04/11 12:0 a.m., 1 views

Advocate Office Management System SQL Injection Vulnerability

Advocate Office Management System is an office management system by the individual developer mayurik. A SQL injection vulnerability exists in Advocate Office Management System version 1.0, which originates from a SQL injection vulnerability in the file /control/adds.php...

7.2 CVSS, 5.7 AI score, 0.00082 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2024/04/10 12:0 a.m., 3 views

PT-2024-26922 · Sourcecodester · Kortex Lite Advocate Office Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /control/adds.php. The manipulation of the name, gender, dob,...

7.2 CVSS, 5.8 AI score, 0.00082 EPSS
Exploits: 1, References: 9
RedHat Linux
added 2023/11/07 9:3 a.m., 2 views

kernel: netfilter: ipset: Rework long task execution when adding/deleting entries

An uncontrolled resource consumption flaw was found in the Linux kernel's netfilter ipset subsystem when processing large batch operations. A local user with CAP_NET_ADMIN capability can trigger this issue by adding or deleting a large number of ipset entries in a single operation, causing the kern...

5.5 CVSS, 7.2 AI score, 0.00013 EPSS
Exploits: 0, References: 5
OSV
added 2023/06/18 3:15 p.m., 2 views

CVE-2023-3311

A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack...

5.4 CVSS, 4 AI score, 0.00087 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2022/11/14 12:0 a.m., 1 views

PT-2022-35897 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.331 Description: The issue is related to the Bluetooth hci sysfs in the Linux Kernel, where an attempt to call device add multiple times could potentially lead to security vulnerabilities. The actual impact...

7.4 AI score
Exploits: 0, References: 1
Positive Technologies
added 2022/11/14 12:0 a.m., 1 views

PT-2022-35830 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue is related to the Bluetooth hci sysfs in the Linux Kernel. It involves attempting to call device add multiple times. The actual impact and attack plausibility have not yet been...

7.2 AI score
Exploits: 0, References: 1