2117 matches found
CVE-2025-63307
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990487)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990487 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 fs: Don't...
[SECURITY] Fedora 43 Update: python-inline-snapshot-0.30.1-1.fc43
Golden master/snapshot/approval testing library which puts the values right into your source code...
[SECURITY] Fedora 43 Update: python-annotated-doc-0.0.3-2.fc43
Document parameters, class attributes, return types, and variables inline, with Annotated...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989380)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989380 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add error checking to ext4_ext_replay_set_iblocks If the call to ext4_map_blocks fails due to an...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988712)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988712 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel 1,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988841)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988841 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989763)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989763 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will b...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989799)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989799 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel 1,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989383)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989383 advisory. In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed inline inodes i...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989576)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989576 advisory. In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed inline inodes i...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989460)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989460 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 fs: Don't...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990097)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990097 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 fs: Don't...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since commit bf4c89fc8797 "block: don't call bio_uninit from...
GO-2025-4065 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution in github.com/mattermost/mattermost-server
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution in github.com/mattermost/mattermost-server...
EUVD-2025-36777
Malicious code in inline-react-svg npm...
Malicious Package
Overview inline-react-svg is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-49011 Malicious code in inline-react-svg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c39f65737779d34f941dcee3ee4e332a0ca54196d2cbc4e848e57e20ecf85893 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in inline-react-svg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c39f65737779d34f941dcee3ee4e332a0ca54196d2cbc4e848e57e20ecf85893 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview ul-inline is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...