Malicious Package
Overview: webpack-css-load-branch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2025-48538 Malicious code in webpack-css-load-branch (npm)
Source: ghsa-malware ebc3a0cfad4acfa46f4ea9e57edb732f20403908d855eca202b5ad08df232468. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in webpack-css-load-branch (npm)
Source: ghsa-malware ebc3a0cfad4acfa46f4ea9e57edb732f20403908d855eca202b5ad08df232468. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987602)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987602 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transactio...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987685)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987685 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's...
CVE-2025-62528
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
PYSEC-2025-188
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
EUVD-2025-35096
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
EUVD-2025-35066
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference. It is possible that the topology parsing function audioreach_widget_load_module_common could return NULL or an error pointer. Add missing NULL check so that we do not...
ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP access control error vulnerability
The ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP are both intelligent load management controllers from ABB Switzerland. An access control error vulnerability exists in the ABB ALS-mini-s4 IP and ABB ALS-mini-s8 IP that stems from a lack of authentication for critical functions...
microcode_ctl security update
2:2.1-73.24.0.20250512 - update microcode bundle to 20250512 Orabug: 38139038 2:2.1-73.23.0.20250211 - update microcode bundle to 20250211 Orabug: 37670820 - drop releasenote.md file 2:2.1-73.20.0.1 - don't bother calling dracut if virtualized Orabug: 35702409 - also rebuild initramfs for...
JLSEC-2025-148 A flaw was found in FFmpeg
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation...
JLSEC-2025-109 FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because...
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted...
SUSE CVE-2025-60358
radare2 v.5.9.8 and before contains a memory leak in the function loadrelocations...
CVE-2025-62168
Squid (proxy/cache) prior to version 7.2 is affected by information disclosure due to failure to redact HTTP authentication credentials in error handling. The vulnerability can allow a remote, unauthenticated attacker to learn credentials or tokens used by a trusted client or internal web applica...
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
CVE-2025-49655
CVE-2025-49655 affects the Keras framework with deserialization of untrusted data in versions 3.11.0 up to, but not including, 3.11.3. A maliciously uploaded Keras file containing a TorchModuleWrapper class can execute arbitrary code on an end user’s system when loaded, even if safe mode is enabl...
CVE-2025-60358
radare2 v.5.9.8 and before contains a memory leak in the function loadrelocations. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread...
ClipBucket path traversal vulnerability
ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A path traversal vulnerability exists in ClipBucket version 5.5.2 - 146, which stems from insufficient validation of file load paths and could lead to a path traversal...
EUVD-2025-34833
radare2 v.5.9.8 and before contains a memory leak in the function loadrelocations...