
10273 matches found

NVD
added 2025/09/17 12:15 p.m. | 1 views

CVE-2025-10157

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

9.3 CVSS | 0.00265 EPSS
Exploits 1 | References 3
PyPA
added 2025/09/17 12:15 p.m. | 7 views

PYSEC-2025-153

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

9.3 CVSS | 7.5 AI score | 0.00265 EPSS
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2025/09/17 12:0 a.m. | 1 views

NVIDIA Triton Inference Server input validation error vulnerability

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an input validation error vulnerability that originates from loading a misconfigured model, whi...

7.5 CVSS | 6.6 AI score | 0.00075 EPSS
Exploits 0 | References 1
SUSE CVE
added 2025/09/16 11:24 p.m. | 4 views

SUSE CVE-2025-39815

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun when loading vlenb The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand...

5.5 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits 0 | References 3
IBM Security Bulletins
added 2025/09/16 3:6 p.m. | 5 views

Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)

Summary Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations CVE-2025-40909. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...

5.9 CVSS | 6.4 AI score | 0.00031 EPSS
Exploits 0 | Affected Software 2
NVD
added 2025/09/16 1:15 p.m. | 3 views

CVE-2025-39815

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: fix stack overrun when loading vlenb The userspace load can put up to 2048 bits into an xlen bit stack buffer. We want only xlen bits, so check the size beforehand...

5.5 CVSS | 0.00018 EPSS
Exploits 0 | References 3
CVE
added 2025/09/16 12:26 p.m. | 15 views

CVE-2025-10290

Mozilla Focus for iOS contains a vulnerability where opening links via the contextual menu for certain URL schemes would fail to load and the toolbar would not refresh, enabling spoofing of websites if users are coerced into long-pressing and opening a link. Affected versions are Focus for iOS

6.5 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2025/09/16 5:53 a.m. | 5 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of untrusted pickle data in the function’s reduce flow, which allows an attacker to craft a malicious pickle that bypasses the victim’s Picklescan check and achieve arbitrary code execution when t...

8.3 AI score
Exploits 0
RedHat Linux
added 2025/09/16 12:58 a.m. | 3 views

Moderate: Red Hat Security Advisory: python-cryptography security update

An update for python-cryptography is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.6 AI score | 0.01255 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/09/16 12:0 a.m. | 3 views

RHEL 9 : python-cryptography (RHSA-2025:15874)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15874 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

7.5 CVSS | 6.5 AI score | 0.01255 EPSS
Exploits 1 | References 5
OSV
added 2025/09/15 10:16 p.m. | 1 views

MAL-2025-47165 Malicious code in @nstudio/nativescript-loading-indicator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b551e46bc14865c379331dce05e3f6adb61e5f385acc0aa24b912176766d0c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 6
OSSF Malicious Packages
added 2025/09/15 10:16 p.m. | 4 views

Malicious code in @nstudio/nativescript-loading-indicator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b551e46bc14865c379331dce05e3f6adb61e5f385acc0aa24b912176766d0c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 6
OSV
added 2025/09/15 3:15 p.m. | 3 views

DEBIAN-CVE-2022-50330

In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we tr...

5.5 CVSS | 5.5 AI score | 0.00023 EPSS
Exploits 0 | References 1
OSV
added 2025/09/15 2:49 p.m. | 3 views

CVE-2022-50330 crypto: cavium - prevent integer overflow loading firmware

In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we tr...

5.5 CVSS | 6.4 AI score | 0.00023 EPSS
Exploits 0 | References 11
CVE
added 2025/09/15 2:49 p.m. | 17 views

CVE-2022-50330

CVE-2022-50330: In the Linux kernel, the cavium crypto path has an overflow when loading firmware. The overflow arises from the code_length value sourced from the firmware file; multiplying ntohl(ucode->code_length) by 2 can overflow, potentially enabling local impact per the advisory. The des...

5.5 CVSS | 6.4 AI score | 0.00023 EPSS
Exploits 0 | References 8 | Affected Software 1
Cvelist
added 2025/09/15 2:49 p.m. | 4 views

CVE-2022-50330 crypto: cavium - prevent integer overflow loading firmware

In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we tr...

0.00023 EPSS
Exploits 0 | References 8
Cvelist
added 2025/09/15 2:45 p.m. | 2 views

CVE-2022-50297 wifi: ath9k: verify the expected usb_endpoints are present

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...

0.00022 EPSS
Exploits 0 | References 9
Veracode
added 2025/09/15 8:13 a.m. | 4 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization through torch.jit.unsupported_tensor_ops.execWrapper executing a remote pickle after Picklescan fails to flag dangerous content, which allows an attacker to achieve remote code execution by...

8.6 AI score
Exploits 0
Snyk
added 2025/09/15 7:39 a.m. | 1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8 CVSS | 7 AI score
Exploits 0 | References 2
CNNVD
added 2025/09/15 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly loading the TSC multiplier for L1, which could lead to an error in the calculation of the...

5.5 CVSS | 5.9 AI score | 0.00018 EPSS
Exploits 0 | References 3