CVE-2025-38511

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might...

Linux Distros Unpatched Vulnerability : CVE-2022-50067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: unset reloc control if transaction commit fails in preparetorelocate In btrfsrelocateblockgroup, the rc is allocated. Then btrfsrelocateblockgroup calls...

Linux Distros Unpatched Vulnerability : CVE-2024-35882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his sma...

Malicious code in pre-commit-message-test (npm)

The package pre-commit-message-test was found to contain malicious code...

MAL-2025-29604 Malicious code in pre-commit-message-test (npm)

The package pre-commit-message-test was found to contain malicious code...

CVE-2025-55192

HomeAssistant-Tapo-Control exposes a code injection vulnerability in its GitHub Actions workflow .github/workflows/issues.yml, prior to commit 2a3b80f. The workflow directly inserts user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper saniti...

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

RUSTSEC-2025-0049 User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...

PT-2025-34580 · Crates.Io · Scratchpad

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadOneJNGImage function. An attacker can access data on the heap or cause memory corruption by tricking a user into processing a specially crafted image file. Remediation A fix was pushed into the...

Sensitive Data Exposure

@finos/git-proxy is vulnerable to sensitive data exposure. The vulnerability is due to improper validation of commits in the pack sent to GitHub, which allows an attacker to inject unreferenced commits containing sensitive data and retrieve them via direct commit URLs without appearing in the...

CVE-2025-51691

Cross-Site Scripting XSS vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 May 2025 allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly sanitize user-supplied Markdown before renderin...

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

CVE-2025-54864

CVE-2025-54864 affects Hydra (Nix-based CI) where the endpoints /api/push-github and /api/push-gitea were called without HTTP Basic authentication, despite the forges implementing HMAC with a secret key. The root cause is missing authentication on those calls, enabling heavy evaluations that can ...

CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...