Malicious Package

Overview moodle-core-tooltip is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview panel-keylogger-sim is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview logging-winston is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

GHSA-WP3J-XQ48-XPJW podman kube play symlink traversal vulnerability

Impact The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host BUT the attacker only controls the target...

bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

...

Malicious Package

Overview mathy-console is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview tailwind-react-icon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

wifi: rtw89: avoid to add interface to list twice when SER

...

reiserfs: Avoid touching renamed directory if parent does not change

...

f2fs: avoid infinite loop to flush node pages

...

Malicious Package

Overview nodejs-smtp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Linux Distros Unpatched Vulnerability : CVE-2024-35242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository...

UBUNTU-CVE-2025-38623

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

Linux Distros Unpatched Vulnerability : CVE-2024-23839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic...

Linux Distros Unpatched Vulnerability : CVE-2024-32465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local...

CVE-2025-38580 ext4: fix inode use after free in ext4_end_io_rsv_work()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4endiorsvwork In ext4ioenddefercompletion, check if ioend-listvec is empty to avoid adding an ioend that requires no conversion to the irsvconversionlist, which in turn prevents starting an...

Malicious Package

Overview monitor-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview grok-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Linux Distros Unpatched Vulnerability : CVE-2025-48866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of servic...

Linux Distros Unpatched Vulnerability : CVE-2024-32004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in su...