EUVD-2025-50533

Malicious code in completecrayfishz3n npm...

EUVD-2025-48276

Malicious code in completebobolinkz3n npm...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988932)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988932 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154xmitcomplete helper is not...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988790 advisory. In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100sendcomplete Syzbot reported UAF in port100sendcomplet...

CVE-2025-64102 Zitadel allows brute-forcing authentication factors

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

SUSE CVE-2025-40026

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KVM has already finished that phase of instructi...

PT-2025-42748

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow issue exists in the USB 9pfs transport layer. Inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow...

Ash has authorization bypass when bypass policy condition evaluates to true

Summary Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other policies apply. Impact Resources with bypass policies can be accessed without proper authorization when: - Bypass condition evaluates to true - Bypass...

SUSE-SU-2025:03629-1 Security update for gstreamer-plugins-rs

This update for gstreamer-plugins-rs fixes the following issues: Update to version 0.12.11 jscPED-13826: - CVE-2024-32650: Fixed infinite loop in rustls::conn::ConnectionCommon:completeio with proper client input bsc1223219...

CVE-2025-39983 Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...

Mars: Sensitive information exposed at [███] via /export_panelists_to_xlsx endpoint

A vulnerability was identified that allowed unauthorized access to personally identifiable information through an unprotected API endpoint. The vulnerability exposed user email addresses and telephone numbers. The issue was classified under CWE-312 with a CVSS score of 6.1. The vulnerability was...

EUVD-2025-31872

EUVD-2025-31872...

CVE-2023-53627

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in function slotcompletev3hw, it is possible that sasdev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

EUVD-2018-4412

Malware in sbrugna...

EUVD-2021-16667

Malware in sbrugna...

EUVD-2019-12108

Malware in sbrugna...

EUVD-2020-22367

Malware in sbrugna...

EUVD-2018-15017

Malware in sbrugna...

EUVD-2020-22317

Malware in sbrugna...

EUVD-2008-5148

Malware in sbrugna...