4242 matches found
kernel: wifi: cfg80211: init wiphy_work before allocating rfkill fails
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails. syzbot reported an uninitialized wiphy_work_lock in cfg80211_dev_free [1]. After rfkill allocation fails, the wiphy release process will be performed, which will cause...
EUVD-2025-77349
Malicious code in chillylion-toolteadev npm...
EUVD-2025-76615
Malicious code in ideologicalwolverine-notthedev npm...
EUVD-2025-76423
Malicious code in lesserpeafowl-notthedev npm...
EUVD-2025-76932
Malicious code in exceptionalmole-notthedev npm...
EUVD-2025-76736
Malicious code in gracefulcephalopod-notthedev npm...
EUVD-2025-75049
Malicious code in aggressivecrab-notthedev npm...
MAL-2025-98903 Malicious code in recent_planarian_z3n (npm)
Source: amazon-inspector c62ecb03bc2ad09f66ff3192f33e6b69c84ddee0593fdc2f3ae279bc4cbd87dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-87049 Malicious code in joko-gembus65-apidev (npm)
Source: amazon-inspector b9a33ab9690514b66b963dbd35bf061d517712f43fb973bb722e887b82ce06f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-61880 Malicious code in andi-ragi43-sluey (npm)
Source: amazon-inspector cfcf2906e71c21b3e88827f03dfbcabb12c43546441173f2559a8b668440eef0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
ALSA-2025:20518 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotp_rcv() (CVE-2022-48830); kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689); kernel: Squashfs: sanity check...
Important: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133); runc: container escape with malicious config due to /dev/console mou...
CVE-2025-12923
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...
CVE-2025-12923 liweiyi ChestnutCMS download resourceDownload path traversal
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...
MGASA-2025-0271 Updated opencontainers-runc packages fix security vulnerabilities
The way masked paths are implemented in runc can be exploited to cause the host system to crash or halt (CVE-2025-31133) and a flaw in /dev/console bind-mounts can lead to container escape (CVE-2025-52565). Also, arbitrary write gadgets and procfs write redirects could be used to engineer container...
Important: Red Hat Security Advisory: runc security update
An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
runc: container escape with malicious config due to /dev/console mount and related races
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application to CVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...
Malicious Package
Overview: rce-poc-test-honor-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
EUVD-2025-38226
Malicious code in rce-poc-test-honor-dev npm...
Malicious code in rce-poc-test-honor-dev (npm)
Source: amazon-inspector b66eed52fc0c24b51f24da6c244c23fc29ce6228dd4a97a0606f71bb254f02b7 The package rce-poc-test-honor-dev was found to contain malicious code. Source: ghsa-malware...