RUSTSEC-2026-0157 Several memory corruption issues via safe APIs

Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...

PT-2026-39007

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.37 Description The safe extractall helper function, used in recipe pull, recipe publish, and recipe unpack flows, fails to validate member.linkname and does not reject symlink or hardlink members. Additionally, ...

Astra Linux - уязвимость в linux

A memory-bound write flaw 1 or 2 bytes of memory was identified in the Linux kernel’s NFS subsystem, related to the way users use mirroring replication of files via NFS. A user with access to the NFS mount could potentially exploit this flaw to crash the system or escalate privileges on the syste...

Declaration of Catch for Generic Exception

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Security Awareness in LLM Agents: The NDAI Zone Case

NDAI zones let inventor and investor agents negotiate inside a Trusted Execution Environment TEE where any disclosed information is deleted if no deal is reached. This makes full IP disclosure the rational strategy for the inventor's agent. Leveraging this infrastructure, however, requires agents...

Malicious Package

Overview @saferpay/eslint-config-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution RCE vulnerability via dangerkey at zzztemplate.php...

MAL-2025-182085 Malicious code in gocay-guga- (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b065cec2a5b1113e9792ae85cb0380920eb18f8fab57ba6aecd45c20312d200c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-167114 Malicious code in teagood-manaki48 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44c78c8308073e1f4930dfe085810f350c81465af1fb5ae270585a38fcd279ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in flight-danger-fanthom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1be882fd01b919c51643da2203626f71a1103653d37a1f471a4ac8f29a91ccb4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-155258 Malicious code in flight-danger-fanthomia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 644c828982141928f5b9d2f973e1ec9fcbd632302e10cfbaea5c12fdd3db0203 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-155255 Malicious code in flight-danger-fant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61777dc5f83532b414c9c1698d29178a943835a86a40682a9e1aabf5d08c25b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2005-3380

Malware in sbrugna...

kernel: smb: client: fix use-after-free in cifs_oplock_break

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak A race condition can occur in cifsoplockbreak leading to a use-after-free of the cinode structure when unmounting: cifsoplockbreak cifsFileInfoputcfile cifsFileInfoputfinal...

EUVD-2022-38942

Malicious code in bioql PyPI...

Avoid Using the root User to Access the System Locally

Users with the root permission can access all Linux resources. If the root user is used to log in to the Linux OS to perform operations, there are many potential security risks. To avoid the risks, do not use the root user to log in to the Linux OS. If necessary, indirectly use the root user...

Malicious code in slabs-birthday-danger (npm)

The package slabs-birthday-danger was found to contain malicious code...

MAL-2025-46086 Malicious code in slabs-birthday-danger (npm)

The package slabs-birthday-danger was found to contain malicious code...

Modern vehicle cybersecurity trends

Modern vehicles are transforming into full-fledged digital devices that offer a multitude of features, from common smartphone-like conveniences to complex intelligent systems and services designed to keep everyone on the road safe. However, this digitalization, while aimed at improving comfort an...

Malicious code in sanitize-easy-sigma-user-execute (npm)

The package sanitize-easy-sigma-user-execute was found to contain malicious code...