2654 matches found
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server (reading-plus-ai/mcp-server-data-exploration 0.1.6), in the safeeval function at src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
HSEC-2025-0006 Private key leak via inherited file descriptor
The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key materia...
SUSE CVE-2025-40166
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue. In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driv...
CVE-2025-40166
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue. In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driv...
EUVD-2025-178988
Malicious code in exec-zephyr-xo-izar npm...
Malicious code in spawn-exec-zenobia-ganymede (npm)
Source: amazon-inspector 08d195fec77b588ee50726619249d1d77aacd06b4a03966370f3dee0c6edc02d. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180155
Malicious code in backend-exec-husky-public npm...
EUVD-2025-178991
Malicious code in exec-radiometric-aether-juno npm...
Malicious code in izar-ora-exec-genomics (npm)
Source: amazon-inspector 53d17c4563e99682e42e4eae296514441c01b6f64a6c19ecde3adc967d542d2e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176166
Malicious code in subduction-exec-redis-gatsby npm...
EUVD-2025-180235
Malicious code in aurora-exec-nebula-titan npm...
EUVD-2025-176280
Malicious code in spawn-exec-zenobia-ganymede npm...
EUVD-2025-178325
Malicious code in izar-ora-exec-genomics npm...
Malicious code in aurora-exec-nebula-titan (npm)
Source: amazon-inspector 727d149233b8486494ce40ab83a3e2e4ecf442479f183b3b96baae8f80f59da2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176155
Malicious code in subscription-carina-standard-exec npm...
EUVD-2025-178995
Malicious code in exec-local-mongoose-dione npm...
EUVD-2025-177347
Malicious code in paleontology-mensa-altair-exec npm...
MAL-2025-187557 Malicious code in izar-ora-exec-genomics (npm)
Source: amazon-inspector 53d17c4563e99682e42e4eae296514441c01b6f64a6c19ecde3adc967d542d2e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178989
Malicious code in exec-virtualreality-wolf-paleoecology npm...
EUVD-2025-178992
Malicious code in exec-proxima-ophiuchus-exec npm...