EUVD-2023-31686

Malicious code in bioql PyPI...

EUVD-2024-17653

Malicious code in bioql PyPI...

EUVD-2024-30730

Malicious code in bioql PyPI...

EUVD-2022-15937

Malicious code in bioql PyPI...

EUVD-2024-38937

Malicious code in bioql PyPI...

EUVD-2024-38936

Malicious code in bioql PyPI...

EUVD-2024-38938

Malicious code in bioql PyPI...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2025:03198-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03198-1 advisory. Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: - CVE-2025-0665:...

GHSA-9GVJ-PP9X-GCFR Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass

Details There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACKGLOBAL. Function listglobals when handling STACKGLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only consider the range from 1 to n-1 but forgets to...

CVE-2025-38399

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in corescsi3decodespeciport The function corescsi3decodespeciport, in its error code path, unconditionally calls corescsi3lunaclundependitem passing the destsedeve pointer, which may be...

CVE-2025-38289

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in devlosstmocallbk Smatch detected a potential use-after-free of an ndlp oject in devlosstmocallbk during driver unload or fatal error handling. Fix by reordering code to avoid...

CVE-2025-38330

CVE-2025-38330 affects the Linux kernel, specifically a KUnit test path in firmware: cs_dsp_ctl_cache_init_multiple_offsets that could trigger an out-of-bounds read. root cause: mock_coeff_template.length_bytes used for register value allocations, later overridden to 8 bytes, causing incorrect te...

CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

CVE-2025-38259

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path wcd9335parsedt and wcd9335poweronreset, but does not cleanup in final error paths and in unbind missing...

CVE-2025-38163

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi-totalvalidblockcount syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:decvalidblockcount+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVE-2025-38116 wifi: ath12k: fix uaf in ath12k_core_init()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12kcoreinit When the execution of ath12kcorehwgroupassign or ath12kcorehwgroupcreate fails, the registered notifier chain is not unregistered properly. Its memory is freed after rmmod, which may trigge...

CVE-2022-50165

In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in wilwritefilewmi Commit 7a4836560a61 changes simplewritetobuffer with memdupuser but it forgets to change the value to be returned that came from simplewritetobuffer call. ...

CVE-2022-50057 fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfsupdatemftmirr If ntfsfillsuper wasn't called then sbi-sb will be equal to NULL. Code should check this ptr before dereferencing. Syzbot hit this issue via passing wrong mount param as can be seen...

CVE-2023-39344

social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue...

CVE-2023-32691

gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...