MAL-2025-1301 Malicious code in mexc-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29d69b3c891155b693e55fbc8734237edcf681cab20168d998375ea5ebdf2de5 Any computer that has this package install...

Malicious code in mexc-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29d69b3c891155b693e55fbc8734237edcf681cab20168d998375ea5ebdf2de5 Any computer that has this package install...

Malicious code in kucoin-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5bc6d7a1ad2130468f00ff8d87225df98b3ed6bf45ca9bfb1a4abc0cb86895b3 Any computer that has this package install...

PT-2025-16667

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition in the Linux kernel's streamzap driver can cause a general protection fault due to a NULL pointer dereference of the dev-raw pointer. This occurs because rc unregister...

Malicious code in kraken-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 538966bb30335d489eb80b6dad1c7b14ec9a71669fded6c77d31dcb84c13f3d0 Any computer that has this package install...

MAL-2025-1290 Malicious code in kraken-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 538966bb30335d489eb80b6dad1c7b14ec9a71669fded6c77d31dcb84c13f3d0 Any computer that has this package install...

Malicious code in tokocrypto-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33ba3b3f29ac7a1725f71e0b16ff23e83c034f61280c327bf92fc31ed4ee2d3a Any computer that has this package install...

Malicious code in xt-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 888d6cec6842a849e2ec069a734943936ab4dcd497fb6dd9e81760860817728e Any computer that has this package install...

MAL-2025-1282 Malicious code in xt-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 888d6cec6842a849e2ec069a734943936ab4dcd497fb6dd9e81760860817728e Any computer that has this package install...

MAL-2025-1277 Malicious code in probit-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b53f56d9feb1821fb971f6e193dc7ea5df777a9e0136fa3068e4775f197e0e23 Any computer that has this package install...

Malicious code in probit-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b53f56d9feb1821fb971f6e193dc7ea5df777a9e0136fa3068e4775f197e0e23 Any computer that has this package install...

MAL-2025-1272 Malicious code in toobit-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d0f3cbca32c205dc8a61718610eba04f690441add92e4fb0e98f1e3f18f21f9 Any computer that has this package install...

PT-2025-8872

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the ndisc send skb function, which can be called without RTNL or RCU held, potentially leading to a...

CLSA-2025-1738853271 Fix of 54 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26595 - mlxsw: spectrumacltcam: Fix NULL pointer dereference in error path CVE-url: https://ubuntu.com/security/CVE-2024-38553/CVE-2024-38597 - netpoll: make ndopollcontroller optional - bonding: use netpollpolldev helper - netpoll: do not test...

CVE-2022-3178

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV...

CVE-2022-1795

Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV...

CVE-2024-29138

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through = 2.5...

CVE-2024-29777

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through = 1.29.0...

CVE-2024-9496

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: sched: schmultiq: fix possible OOB write in multiqtune CVE-2024-36978 In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized...