Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mm/debugvmpagetable test not properly clearing manually allocated page table entries, which could cause...

When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack

On September 8, 2025, attackers compromised a set of 18 widely used npm packages —including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week. Through a targeted phishing campaign against a maintainer, the attackers published malicious versions...

Linux Distros Unpatched Vulnerability : CVE-2023-21123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In multiple functions of multiple files, there is a possible way to bypass the DISALLOWDEBUGGINGFEATURES restriction for tracing due to a missing permission...

ROS-20250910-02

A vulnerability in the Hints::Hints poppler/Hints.cc function of the Poppler PDF display library is related to a resource release error. with resource release errors. Exploitation of the vulnerability allows an attacker acting remotely, to cause a denial of service using a specially crafted PDF...

Linux Distros Unpatched Vulnerability : CVE-2020-13881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. CVE-2020-13881 Not...

ROS-20250910-03

Vulnerability of Poppler PDF rendering library is related to lack of object threads cleanup PDF when cairodebugresetstaticdata is called. Exploitation of the vulnerability could allow an attacker to gain access to confidential information...

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.3.0) +9 more potentially affected by CVE-2025-10164 via sglang (>=0.4.6.post5 <=0.5.2)

sglang PYPI version =0.4.6.post5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: SNYK:PYTHON-SGLANG-12705358...

Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond

A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry 99% package prevalence, 10% malware presence, and unpacking what made it spread so fast...

PT-2025-36970

Name of the Vulnerable Software and Affected Versions: NVIDIA NVDebug tool affected versions not specified Description: The NVIDIA NVDebug tool contains an issue that may allow an actor to gain access to a privileged account. A successful exploit may lead to code execution, denial of service,...

npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack

Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…...

Embedded Malicious Code

Overview debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...

0.edsql (>=1.0.49 <=1.0.50), 007putra-my-bot (=1.1.1) +49873 more potentially affected by CVE-2025-59144 via debug (>=4.0.0 <=4.4.1)

debug NPM version =4.0.0, =1.0.49, =1.0.50 - 007putra-my-bot =1.1.1 - 00web3sc12cket =1.0.0 - 02-infrastructure =1.0.0 - 02.aula =1.0.0 - 0303-lb3-paket =1.0.1 - 08cms =1.0.0 - 0a4nhkya =1.0.0 - 0a4nhkyb =1.0.0 - 0a4nhkyc =1.0.0 - 0a4nhkyd =1.0.0 - 0a4nhkye =1.0.0 - 0a4nhkyf =1.0.0 - 0a4nhkyg...

PT-2025-37746

Name of the Vulnerable Software and Affected Versions debug versions 4.4.2 Description The npm publishing account for debug was compromised following a phishing attack on September 8, 2025. Version 4.4.2 was published with a malicious payload designed to redirect cryptocurrency transactions withi...

CVE-2025-9709

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection EM-FI in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the...

drm/amdkfd: Destroy KFD debugfs after destroy KFD wq

...

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

CVE-2025-9517

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...

CVE-2025-9518

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...

CVE-2025-39706

Summary: CVE-2025-39706 affects the Linux kernel's DRM/AMDKFD path. The issue arises when destroying KFD debugfs before kfd_process_destroy_wq, causing a NULL pointer hang due to an attempted remove of /sys/kernel/debug/kfd/proc/ after /sys/kernel/debug/kfd was destroyed. Root cause: proc content...

CVE-2025-9709 NRF52810 Runtime EM Fault Injection APPROTECT Bypass

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection EM-FI in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the...