EUVD-2025-14675
Malicious code in bioql PyPI...
EUVD-2022-49604
Malicious code in bioql PyPI...
RLSA-2025:8816 Important: .NET 9.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.107 and .NET Runtime 9.0.6. Securi...
.NET 9.0 security update
An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
libvmtools-devel-13.0.5-1.1 on GA media (moderate)
libvmtools-devel-13.0.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15595-1 Rating: moderate Cross-References: CVE-2025-41244 CVSS scores: CVE-2025-41244 SUSE : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-41244 SUSE : 8.5...
CVE-2025-59409
CVE-2025-59409 affects Flock Safety Falcon and Sparrow License Plate Readers (OPM1.171019.026). Root cause: development Wi‑Fi credentials stored in cleartext within production firmware, e.g., credentials like test_flck/test_flck. Impact: potential unauthorized device access. Public sources (PTSec...
CVE-2025-59409
Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials testflck stored in cleartext in production firmware...
PT-2025-40414
Name of the Vulnerable Software and Affected Versions Flock Safety Falcon and Sparrow License Plate Readers version OPM1.171019.026 Description The devices ship with development Wi-Fi credentials specifically, test flck stored in cleartext within the production firmware. This could allow...
OPENSUSE-SU-2025:15595-1 libvmtools-devel-13.0.5-1.1 on GA media
These are all security issues fixed in the libvmtools-devel-13.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-57275
Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf...
CVE-2025-57275
CVE-2025-57275 affects Storage Performance Development Kit (SPDK) 25.05 and the NVMe-oF target component (lib/nvmf). The root cause is improper bounds handling leading to a Buffer Overflow. Documents describe potential buffer overflow that could crash or, per Veracode, enable arbitrary behavior. ...
cJSON-devel-1.7.19-1.1 on GA media (moderate)
cJSON-devel-1.7.19-1.1 on GA media Announcement ID: openSUSE-SU-2025:15583-1 Rating: moderate Cross-References: CVE-2023-26819 CVE-2025-57052 CVSS scores: CVE-2023-26819 SUSE : 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-26819 SUSE : 2.1...
OPENSUSE-SU-2025:15585-1 kernel-devel-6.16.9-1.1 on GA media
These are all security issues fixed in the kernel-devel-6.16.9-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2025-56648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development...
MAL-2025-47574 Malicious code in @discord-external/activity-iframe-sdk (npm)
The package @discord-external/activity-iframe-sdk was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c4df7af2ceae80fdc052edf95094a378287786ae21cfec9a6104a2af2b1d9b98 This package installs a dependency hosted on a cust...
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name...
CVE-2025-57324
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php
sudo docker run -it --rm -p 8080:80 php:8.0.29-apache bash...