4439 matches found
Malicious Package
Overview: bitcoinlib-dev is a malicious package. This package installs a module that steals sensitive data from its target by overwriting legitimate CLI commands with malicious ones. Remediation: Avoid using all malicious instances of the bitcoinlib-dev package. References: - Malicious Package...
Deserialization Of Untrusted Data
yiisoft/yii2-dev is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling in the getIterator function of symfony\finder\Iterator\SortableIterator.php, which allows an attacker to execute arbitrary code remotely...
DEBIAN-CVE-2025-21925
In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get before dev_queue_xmit. syzbot is able to crash hosts [1], using llc and devices not supporting IFF_TX_SKB_SHARING. In this case, e1000 driver calls eth_skb_pad, while the skb is shared. Simply replace skb_get by...
UBUNTU-CVE-2025-21925
In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get before dev_queue_xmit. syzbot is able to crash hosts [1], using llc and devices not supporting IFF_TX_SKB_SHARING. In this case, e1000 driver calls eth_skb_pad, while the skb is shared. Simply replace skb_get by...
CVE-2025-21969
CVE-2025-21969 is a Linux kernel vulnerability in the Bluetooth stack (L2CAP). The issue is a slab-use-after-free in l2cap_send_cmd when the hci sync path releases l2cap_conn but a worker still references it. The root cause is a race between the hci receive data work queue and the l2cap_conn life...
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Summary: The contents of arbitrary files can be returned to the browser. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details: - base64 encoded content of non-allowed files is exposed using ?inline&import originally...
GHSA-4R4M-QW57-CHR8 Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Summary: The contents of arbitrary files can be returned to the browser. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details: - base64 encoded content of non-allowed files is exposed using ?inline&import originally...
MAL-2025-3436 Malicious code in bitcoinlib-dev (PyPI)
Source: kam193 a198ee5e2df9c67dcbd24ed19a8fec5d462bbb3c0eb474cf00cd299e75074ef5 It overwrites the 'clw' command from the legit bitcoinlib package and attempts to exfiltrate its database on usage. As a context, it appears to be created to...
MAL-2025-2901 Malicious code in tapbit-dev (npm)
Malicious code in tapbit-dev (npm)
Malicious code in hibt-dev (npm)
MAL-2025-2881 Malicious code in hibt-dev (npm)
MAL-2025-2868 Malicious code in coincheck-dev (npm)
Malicious code in coincheck-dev (npm)
Malicious code in bvox-dev (npm)
MAL-2025-2861 Malicious code in bvox-dev (npm)
MAL-2025-2855 Malicious code in bitvavo-dev (npm)
Malicious code in bitvavo-dev (npm)
Malicious code in bitunix-dev (npm)
MAL-2025-2851 Malicious code in bitunix-dev (npm)