3974 matches found
MAL-2025-145303 Malicious code in nconf-apollo-ursa-callback (npm)
Source: amazon-inspector 436dd8859e1f1b9fa7b1ea214fde2d84d4d19ab7b120dfd33ea32afc67345d64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-124628
Malicious code in native-magellan-despina-callback npm...
EUVD-2025-115786
Malicious code in callback-vega-ganymede-yildun npm...
EUVD-2025-111934
Malicious code in kinetic-nestjs-callback-jovian npm...
Malicious code in parcel-mui-event-callback (npm)
Source: amazon-inspector cf3a8fdcd7a231752e40c7d558b2efeafc603d9ec4bee1ff23f8c5ec2d88e5df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in husky-callback-algol-sirius (npm)
Source: amazon-inspector 1538e4a9f30831e667538f037c38b18a94ec4a408eba6eb228a4f975a9b8613c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-122586
Malicious code in resolvers-sedna-callback-vuepress npm...
EUVD-2025-123146
Malicious code in publish-browserify-callback-await npm...
Malicious code in cors-chakra-ui-norma-callback (npm)
Source: amazon-inspector 3a6583e3fb97f1c660d5acd6273f78cff0fa61a0737fe5b0b5233e8b582d2659 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux Distros Unpatched Vulnerability : CVE-2025-40132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback. In create_sdw_dailink() check that sof_end->codec_info->add_sidecar is not NULL before calling it. The...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990856)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990856 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from bo...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check if the add_sidecar callback is null, which could result in a null pointer dereference...
CVE-2025-49145
Combodo iTop is a web-based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...
lemlist: Authentication Token Theft via Open Redirect in Callback URL Parameter
A vulnerability was identified in the email signup flow of a website that enabled authentication token theft through manipulation of the callback URL parameter. The vulnerability occurred when an attacker modified the callbackUrl parameter during the email signup process to point to an...
EUVD-2025-84360
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-controlled payment confirmation data in the...
CVE-2025-12788 Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-controlled payment confirmation data in the...
kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback. commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions,...
kernel: NFSD: fix hang in nfsd4_shutdown_callback
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until...
kernel: ice: fix Tx scheduler error handling in XDP callback
In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This means that the callback must update the Tx scheduler with the new queue number. In the event of a Tx...
kernel: NFSD: fix hang in nfsd4_shutdown_callback
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until...