CVE-2022-50392

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fix refcount leak in mt8183mt6358ts3a227max98357devprobe The node returned by ofparsephandle with refcount incremented, ofnodeput needs be called when finish using it. So add it in the error path in...

SUSE CVE-2023-53343

In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ex...

@adobe/aio-cli (>=7.0.0 <=8.3.0), @adobe/aio-cli-plugin-app (>=7.0.0 <=8.6.1) +31 more potentially affected by CVE-2025-56648 via @parcel/reporter-dev-server (>=2.0.0-beta.1 <=2.16.3)

@parcel/reporter-dev-server NPM version =2.0.0-beta.1, =7.0.0, =7.0.0, =1.0.0, =5.0.0, =2.3.0, =3.3.6, =2.1.0, =1.0.0-alpha.27, =2.0.0, =2.0.0, =0.0.2, =0.0.2, =2.0.0-beta.1, =2.13.4-canary.3389, =2.13.4-canary.3403 and more Source cves: CVE-2025-56648 Source advisory: OSV:GHSA-QM9P-F9J5-W83W...

Malicious code in lynx-dev (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-47435 Malicious code in lynx-dev (npm)

The package communicates with a domain associated with malicious activity...

Origin Validation Error

Overview @parcel/reporter-dev-server is a Blazing fast, zero configuration web application bundler Affected versions of this package are vulnerable to Origin Validation Error via improper origin validation in the development server. An attacker can access source code by tricking a developer into...

@58860ed6ffd9e897/gold-finger-extension (=1.0.2), @ableaura/ableui (=0.1.0) +1494 more potentially affected by CVE-2025-56648 via @parcel/reporter-dev-server (>=2.0.0-beta.1 <=2.9.3)

@parcel/reporter-dev-server NPM version =2.0.0-beta.1, =5.1.9, =7.0.0, =8.3.0-pre.2022-06-22.sha-42703caf, =7.0.0, =0.1.0, =1.0.0, =5.0.0, =0.0.9, =0.0.1, =5.1.0, =5.2.5 and more Source cves: CVE-2025-56648 Source advisory: SNYK:JS-PARCELREPORTERDEVSERVER-12878606...

CVE-2023-53343 icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().

In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ex...

Directory Traversal

vite-plugin-static-copy is vulnerable to Directory Traversal. The vulnerability is due to improper access control because apps exposing the Vite dev server to the network --host or server.host config option allow attackers to retrieve arbitrary files by which an attacker can access arbitrary file...

Linux Distros Unpatched Vulnerability : CVE-2022-50278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PNP: fix name memory leak in pnpallocdev After commit 1fa5ae857bb1 driver core: get rid of struct device's busid string array, the name of device is allocated...

SUSE CVE-2023-53325

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Change logging to dev for mtkdpauxtransfer Change logging from drmerr,info to deverr,info in functions mtkdpauxtransfer and mtkdpauxdotransfer: this will be essential to avoid getting NULL pointer kernel panics ...

CVE-2023-53314

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev Do not assing the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device. Drivers should not override its value. Fixes a bu...

DEBIAN-CVE-2023-53325

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Change logging to dev for mtkdpauxtransfer Change logging from drmerr,info to deverr,info in functions mtkdpauxtransfer and mtkdpauxdotransfer: this will be essential to avoid getting NULL pointer kernel panics ...

Malicious code in @tnf-dev/react (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da4d6867e6189f0175e6f56e18ff4291470344b5f188c83b62ca56759287e142 Any computer that has this package installed or running should be considered fully compromised. All...

@tnf-dev/react (>=1.0.1 <=1.0.1-24) potentially affected by unknown CVE via @tnf-dev/js (>=1.0.1-10 <=1.0.1)

@tnf-dev/js NPM version =1.0.1-10, =1.0.1, =1.0.1-24 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47286...

MAL-2025-47330 Malicious code in mstate-dev-react (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 014addfef55f28c8297c28c565e3a13e01c74ef273175eb8c2389b4e41921e0a Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in @tnf-dev/core (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf7e915935b9386ae9055f6a67642dd5c340cc47ad0482d8fa62dccb595968cf Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in @tnf-dev/js (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 292d245c3ca4d0fdd82283650bae7b8c7da1f843e984906c10402454c065daec Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in mstate-dev-react (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 014addfef55f28c8297c28c565e3a13e01c74ef273175eb8c2389b4e41921e0a Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47285 Malicious code in @tnf-dev/core (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf7e915935b9386ae9055f6a67642dd5c340cc47ad0482d8fa62dccb595968cf Any computer that has this package installed or running should be considered fully compromised. All...