EUVD-2022-55543
Malicious code in bioql PyPI...
EUVD-2025-1853
Malicious code in bioql PyPI...
EUVD-2025-5156
Malicious code in bioql PyPI...
Malicious Package
Overview: trendwatch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn't kept up with today's fast-moving threat landscape. Too often, findings ar...
CVE-2022-50448 mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in When PTE_MARKER_UFFD_WP not configured, it's still possible to reach pte marker code and trigger a warning. Add a few CONFIG_PTE_MARKER_UFFD_WP ifdefs to make sure the code won't...
CVE-2025-39895
CVE-2025-39895: Linux kernel sched_numa_find_nth_cpu() could dereference a null pointer when the CPU mask used by sched_domains_numa_masks does not intersect with the cpus offline. The fix makes the function bail out when bsearch returns NULL instead of dereferencing, preventing a kernel Oops. Af...
OESA-2025-2348 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel's JSM serial driver, a resource leak vulnerability exists in the probe function. The error path needs to properly unwind instead of just returning directly, which may lead to resource leakage...
Malicious Package
Overview: postcss-calc-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2025-39843
CVE-2025-39843 affects the Linux kernel mm/slub path. The vulnerability arises when set_track_prepare() can incur lock recursion due to waking up kswapd while holding per_cpu(hrtimer_bases)[n].lock (triggered via hrtimer_start_range_ns) under CONFIG_DEBUG_OBJECTS_TIMERS. The fix involves masking ...
CVE-2023-53437
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras with invalid descriptors If the source entity does not contain any pads, do not create a link...
CVE-2022-50354
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd_process_device_init_vm error handling Should only destroy the ib_mem and let process cleanup worker to free the outstanding BOs. Reset the pointer in pdd->qpd structure, to avoid NULL pointer access in process destr...
PT-2025-38187
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the nilfs2 file system where dirty data might be written to after the file system has degraded to read-only mode. This occurs because mark buffe...
SUSE CVE-2022-50344
In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range 0x0000000000000068-0x000000000000006f CPU: 1 PI...
CVE-2023-53306
CVE-2023-53306 involves the Linux kernel fsdax path used by XFS for CoW on non-shared extents. The issue arises when a previous non-shared extent is mwrited and its dax entry is left dirty, which produced a WARN at dax_insert_entry. The connected documents consistently describe this as a resolved...
CVE-2023-53287
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Put the cdns set active part outside the spin lock The device may be scheduled during the resume process, so this cannot appear in atomic operations. Since pm_runtime_set_active will resume suppliers, put set active...
CVE-2023-53218
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
CVE-2022-50299 md: Replace snprintf with scnprintf
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...
CVE-2023-53218 rxrpc: Make it so that a waiting process can be aborted
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...
PT-2025-37527
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue where a silent deadlock can occur between the PG_locked bit and the ni_lock lock within the ntfs3 filesystem. This deadlock arises because filemap...