CVE-2025-32900
CVE-2025-32900 concerns the KDE Connect information-exchange protocol, where spoofable broadcast UDP traffic can temporarily alter the displayed device information. The issue affects multiple platforms prior to fixed versions: KDE Connect on Android < 1.33.0, KDE Connect on desktop < 25.04,...
Adobe DNG SDK 1.4 Out-Of-Bounds Read
A vulnerability exists in the Adobe DNG SDK fork used by Android due to improper validation of the fAreaSpec fields inside the dng_opcode_DeltaPerRow::ProcessArea function. If an attacker supplies a crafted DNG file with an empty or malformed fAreaSpec, the SDK performs arithmetic that results in...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-13372 via django (>=4.2.0 <=4.2.26)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-13372 Source advisory: OSV:PYSEC-2025-104...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +507 more potentially affected by CVE-2025-64460 via django (>=4.0.0 <=4.2.26)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =0.1.0, =0.0.3, =4.0.9.0, =65.10.0, =65.10.3 and more Source cves: CVE-2025-64460 Source advisory: SNYK:PYTHON-DJANGO-14157807...
Out-of-bounds Read
Overview: net.jpountz.lz4:lz4 is a package for LZ4 compression for Java. Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4_decompress_fast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or acces...
CVE-2025-66382
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...
LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. This is fixed in a forked release: at.yawk.lz4:lz4-java version 1.8.1. The original project has been archived:...
USN-7887-2: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...
USN-7887-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...
CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue. Mitigation: Mitigation for this issue is eithe...
EUVD-2025-198918
Malicious code in @postman/postman-collection-fork npm...
MAL-2025-190907 Malicious code in @postman/postman-collection-fork (npm)
Source: amazon-inspector 64948ce72be9099e788f3fd4ab6f5a1a67d0012429ae4e198bc7baa85a5197dd The package @postman/postman-collection-fork was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190785 Malicious code in token.js-fork (npm)
Source: amazon-inspector 4c0ea628a23a78a7ef88dc4301ffbaf6515d00c92b331d0dfe518b6156d6cf01 The package token.js-fork was found to contain malicious code. Source: ghsa-malware c175fb9f3c6376f85f6e9b597aeaa381892983e4348984c54354174cca12f8a2...
EUVD-2025-198753
Malicious code in token.js-fork npm...
expr-eval vulnerable to Prototype Pollution
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...