PT-2025-53931

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the mcb probe function within the Linux kernel’s drivers. Specifically, if the probe hook function fails during the mcb probe process, the device is not release...

Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

CVE-2025-54065 GZDoom engine allows arbitrary code execution via ZScript actor states

GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...

Malicious code in syahlan-poke34 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bca1810855f6ff0be7eedd9ab5f40bc1ca3b86429e31d927154d49bb36065d1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2018-4019

Malware in sbrugna...

EUVD-2018-4018

Malware in sbrugna...

EUVD-2007-1703

Malware in sbrugna...

EUVD-2018-12932

Malware in sbrugna...

EUVD-2022-24876

Malicious code in bioql PyPI...

Researchers Expose Phishing Threats Distributing CountLoader and PureRAT

A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader , which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics SVG files designed to trick recipients into opening...

Linux Distros Unpatched Vulnerability : CVE-2022-1587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the getrecursedatalength function of the pcre2jitcompile.c file. This issue affects...

Linux Distros Unpatched Vulnerability : CVE-2015-4467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The chmdinitdecomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of...

ALSA-2025:14101 Important: mingw-sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

Important: mingw-sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

Linux Distros Unpatched Vulnerability : CVE-2018-12034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yrexecutecode in libyara/exec.c...

SUSE CVE-2020-26241

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...

MAL-2025-191824 Malicious code in prof-tg-dooorto-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b4b5d4d87a39a286c8665b40b510ac0016d0b71fcc83fde246dd1bca7402af09 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

MAL-2025-191828 Malicious code in prof-tg-to-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e590e0ed82342410566d6866a770346dcbe14dc6f93bc6294d245148d6c28a51 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

Malicious code in prof-tg-go-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e68d60babccd176fc8f6620e7b711731ff8d6b200d2141b318f1f09482c5a903 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

MAL-2025-191827 Malicious code in prof-tg-go-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e68d60babccd176fc8f6620e7b711731ff8d6b200d2141b318f1f09482c5a903 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...