CVE-2022-49871
In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napi_get_frags. kmemleak reports after running test_progs: unreferenced object 0xffff8881b1672dc0 size 232: comm "test_progs", pid 394388, jiffies 4354712116 age 841.975s hex dump first 32 bytes: e0 84 d7...
UBUNTU-CVE-2022-49871
In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napi_get_frags. kmemleak reports after running test_progs: unreferenced object 0xffff8881b1672dc0 size 232: comm "test_progs", pid 394388, jiffies 4354712116 age 841.975s hex dump first 32 bytes: e0 84 d7...
Malicious code in expo-sessoion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df1f3216c0e974fd221139390340264f652810347ffd8e432f00d398412c0058 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-18588 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to memory leaks in the Linux kernel, specifically in the napi_get_frags function. The problem occurs when tun_get_user is called, leading to memory leaks in tun na...
New Capacity Bounds for PIR on Graph and Multigraph-Based Replicated Storage
In this paper, we study the problem of private information retrieval (PIR) in both graph-based and multigraph-based replication systems, where each file is stored on exactly two servers, and any pair of servers shares at most $r$ files. We derive upper bounds on the PIR capacity for such systems an...
CVE-2025-30725
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...
DEBIAN-CVE-2025-22050
In the Linux kernel, the following vulnerability has been resolved: usbnet: fix NPE during rx_complete. Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race conditio...
UBUNTU-CVE-2025-22050
In the Linux kernel, the following vulnerability has been resolved: usbnet: fix NPE during rx_complete. Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race conditio...
CVE-2025-21580
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create...
USB: gadget: f_midi: f_midi_complete to call queue_work
...
MAL-2025-3112 Malicious code in payoutsapiserv-paypal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3138bfa1642d8493a633368a78332106126b9c776849c8525ab1fc491544935c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-30005
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
Mars: ███████ - Publicly Accessible public_html Directory Exposing WordPress Configuration
A publicly accessible directory containing sensitive WordPress configuration files, including database credentials, authentication keys, and API secrets, was discovered. The vulnerability allowed unauthorized access to critical system information through a downloadable zip file. The security team...
MAL-2025-2791 Malicious code in transactions-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware add05b58536e55e9dfed5253cce6ec918d905362b9e9d30531d1a20dd39aca1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2679 Malicious code in internallib_v341 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 865726c0916807b2585990f7ea5edfefa1f6562a0ab9d319a37a67a1129338c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the aio_complete() function in the fs/aio.c module of the Linux kernel file system allows a hacker to cause a service failure.
The vulnerability of the aio_complete() function in the fs/aio.c module of the Linux kernel file system is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
Improper Handling of Exceptional Conditions
Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the stream_complete method of the LangChainLLM class. An attacker can disrupt service availability by providing an input of type...
WordPress plugin Eventin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Malicious code in nicegirl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05d61fc6a090b764666270f91b100bc166fbb85c0227ac947e1bdc876bc8e6a4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...