2873 matches found
Malicious code in @kiwiiw/ez-lib (npm)
Source: amazon-inspector 5f5c041881bf0c4fa9609a55549447c4edf120f50bd70b30b8f71a9d9814f371 The package @kiwiiw/ez-lib was found to contain malicious code. Source: ghsa-malware 93b9fad273c843b3194e657cf9d54441b5beecba505b2c72db555efe226ca2a6...
EUVD-2025-198289
Malicious code in @kiwiiw/ez-lib npm...
MAL-2025-190584 Malicious code in @kiwiiw/ez-lib (npm)
Source: amazon-inspector 5f5c041881bf0c4fa9609a55549447c4edf120f50bd70b30b8f71a9d9814f371 The package @kiwiiw/ez-lib was found to contain malicious code. Source: ghsa-malware 93b9fad273c843b3194e657cf9d54441b5beecba505b2c72db555efe226ca2a6...
TencentOS Server 3: dovecot (TSSA-2022:0239)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0239 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Malicious code in tensor-fi-utils-lib (npm)
Source: amazon-inspector a5e019daea1bdfd44c0cf583f38cd83ec5b2073b8b494e8ff91905e0b2f2f88e The package tensor-fi-utils-lib was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-50836
Malicious code in tensor-fi-utils-lib npm...
MAL-2025-66551 Malicious code in tensor-fi-utils-lib (npm)
Source: amazon-inspector a5e019daea1bdfd44c0cf583f38cd83ec5b2073b8b494e8ff91905e0b2f2f88e The package tensor-fi-utils-lib was found to contain malicious code. Source: ghsa-malware...
CVE-2024-25621
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...
CVE-2025-21075
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...
ROS-20251028-09
A vulnerability in the Java library for JSON-lib bean-component conversion is related to improper handling of unbalanced comment strings. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
Siemens SIMATIC Devices Divide By Zero (CVE-2024-50205)
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size(). The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The...
Malicious code in benign-lib (PyPI)
Source: kam193 09477b048d84611002417894ccb3265d246be0156b096a8b47776960d45e9d3d Package hides an executable inside, and starts it when imported. The sandbox analysis shows only starting a calculator, which suggests it's a research attempt...
MAL-2025-191620 Malicious code in benign-lib (PyPI)
Source: kam193 09477b048d84611002417894ccb3265d246be0156b096a8b47776960d45e9d3d Package hides an executable inside, and starts it when imported. The sandbox analysis shows only starting a calculator, which suggests it's a research attempt...
OESA-2025-2525 spdk security update
The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...
@certd/commercial-core (>=1.25.9 <=1.40.5), @certd/lib-server (>=1.36.25 <=1.40.5) +32 more potentially affected by CVE-2025-62595 +1 more via koa (=2.16.2)
koa NPM version =2.16.2 is affected by a known vulnerability. The following packages have a transitive dependency on koa and may be impacted: - @certd/commercial-core =1.25.9, =1.36.25, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.19.3, =3.20.11,...
@certd/commercial-core (>=1.25.9 <=1.40.5), @certd/lib-server (>=1.36.25 <=1.40.5) +32 more potentially affected by CVE-2025-62595 via koa (=2.16.2)
koa NPM version =2.16.2 is affected by a known vulnerability. The following packages have a transitive dependency on koa and may be impacted: - @certd/commercial-core =1.25.9, =1.36.25, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.19.3, =3.20.11,...
EUVD-2025-34707
Malicious code in corp-ais-client-my-channel-lib npm...
Malicious code in tosa-serialization-lib (PyPI)
Source: kam193 5badd7c7414eb1f6fbdf1934b42ffe74549daa74508afd092af853097170eb8e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191908 Malicious code in tosa-serialization-lib (PyPI)
Source: kam193 5badd7c7414eb1f6fbdf1934b42ffe74549daa74508afd092af853097170eb8e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in sp-web-utils-lib (npm)
Source: ghsa-malware 18030241ea8f0cd79b1c6d323dfb7f1de0ede76c967166f73fcf51108f2ecc52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...