59 matches found

Github Security Blog
added 2026/05/29 9:57 p.m. | 19 views

Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`

Summary: modules/categories.php checks that the supplied type parameter (ANN, EVT, ROL, USF, …) corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType (a category-type code) against mode nam...

AI score: 5.9 | EPSS: 0.00029
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/29 12:0 a.m. | 10 views

PT-2026-45037

Summary: modules/categories.php checks that the supplied type parameter (ANN, EVT, ROL, USF, …) corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType (a category-type code) against mode nam...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00029
Exploits: 0 | References: 3

AstraLinux
added 2026/05/03 11:59 p.m. | 8 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Detecting IP == ksym.end as part of the BPF program. Now, since bpf_throw is the first call instruction with noreturn semantics within the verifier, this also leads to the elimination of dead code in unprecedented ways. For...

CVSS: 6.6 | AI score: 5.5 | EPSS: 0.00248
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/22 12:0 a.m. | 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013855)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013855 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS. This is dead code after we dropped support for passin...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00296
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/17 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007272 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS. This is dead code after we dropped support for passin...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00296
Exploits: 0 | References: 4

Packet Storm
added 2026/04/13 12:0 a.m. | 73 views

📄 Pachno 1.0.6 Shell Upload

Pachno version 1.0.6 suffers from a remote shell upload vulnerability. The multipart file parameter to the /uploadfile endpoint allows authenticated users to upload files directly to the server. File upload must be enabled by an admin, who can also configure the storage path, within a...

AI score: 6.2
Exploits: 0

Tenable Nessus
added 2026/03/30 12:0 a.m. | 2 views

Fedora 44 : python-pycparser (2026-1594a9755b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1594a9755b advisory. Remove unsafe dead code (CVE-2025-56005) from the bundled ply. Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.1865
Exploits: 3 | References: 2

EUVD
added 2025/12/17 9:42 p.m. | 2 views

EUVD-2025-204001

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint /Reports/ConfirmReportEmail.php in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.00323
Exploits: 3 | References: 1

CVE
added 2025/12/17 9:42 p.m. | 21 views

CVE-2025-68400

ChurchCRM prior to v6.5.3 is affected by a SQL Injection in the legacy endpoint /Reports/ConfirmReportEmail.php. The issue arises from an unvalidated familyId parameter in a historically removed UI feature that remains reachable directly (dead but reachable code). Any authenticated user, even wit...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.00323
Exploits: 3 | References: 1 | Affected Software: 1

OSV
added 2025/11/28 12:59 p.m. | 7 views

SUSE-SU-2025:4301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.09072
Exploits: 3 | References: 406

OSV
added 2025/11/25 4:39 p.m. | 1 views

SUSE-SU-2025:21064-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.09072
Exploits: 3 | References: 406

OSV
added 2025/11/19 1:15 p.m. | 1 views

SUSE-SU-2025:4140-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.09072
Exploits: 3 | References: 405

SUSE Linux
added 2025/11/18 4:45 p.m. | 5 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to fix various security issues. The following security issues were fixed: CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...

CVSS: 8.7 | AI score: 8.1 | EPSS: 0.09072
Exploits: 4 | References: 1986

OSV
added 2025/11/13 2:22 p.m. | 4 views

SUSE-SU-2025:21056-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missi...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.09072
Exploits: 3 | References: 405

Tenable Nessus
added 2025/11/05 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989322 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program. Now that bpf_throw kfunc is the first such call...

CVSS: 6.6 | AI score: 5.5 | EPSS: 0.00248
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989297 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program. Now that bpf_throw kfunc is the first such call...

CVSS: 6.6 | AI score: 5.5 | EPSS: 0.00248
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2025/10/29 10:45 p.m. | 2 views

Malicious code in minify-dead-code-elimination (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae32f7c04b27629bde0236a0f5931b70208313af390161f1d6564c0022d9f39c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0 | References: 2

Snyk
added 2025/10/29 10:45 p.m. | 2 views

Malicious Package

Overview: minify-dead-code-elimination is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2

EUVD
added 2025/10/29 10:45 p.m. | 3 views

EUVD-2025-36867

Malicious code in minify-dead-code-elimination npm...

AI score: 6.6
Exploits: 0 | References: 1

OSV
added 2025/10/29 10:45 p.m. | 4 views

MAL-2025-49021 Malicious code in minify-dead-code-elimination (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae32f7c04b27629bde0236a0f5931b70208313af390161f1d6564c0022d9f39c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0 | References: 2