CVE-2025-68725
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack. Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When a BPF program - triggered via BPF...
CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack. Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When a BPF program - triggered via BPF...
CVE-2025-68725
CVE-2025-68725 affects the Linux kernel. A patch adds validation to gso_type in GSO handlers to prevent BPF test infra from emitting invalid GSO types to the stack (triggered via BPF programs, e.g., when redirecting to loopback). The issue could allow a local attacker using the BPF test infra to ...
PT-2025-52957
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to a deadlock issue within the hns3 network driver. This issue occurs when the externel lb function and a reset operation are executed...
PT-2025-52918
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel where BPF test infrastructure could emit invalid GSO types to the stack. This issue stemmed from a fuzzer tool triggering a warning in netif skb feature...
Linux Distros Unpatched Vulnerability : CVE-2025-68725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Do not let BPF test infra emit invalid GSO types to stack. Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from...
CVE-2025-13281
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
GHSA-HHH5-2CVX-VMFP Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host
Summary: The gateway determines the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for an SSRF (CWE-918) attack. Impact: This vulnerabilit...
VulnCheck KEV: CVE-2025-24354
imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50264)
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This plugin only works with Tenable.ot. Please visit...
EUVD-2025-177040
Malicious code in process-loopback-cosmos-leda (npm)...
EUVD-2025-176366
Malicious code in singularity-kuiperbelt-loopback-fermiparadox (npm)...
Malicious code in postcss-loader-prosthetics-loopback-javascript (npm)
Source: amazon-inspector (51f9f63b6e2e1816f62d699a65d1f5b8c88dc6d76c09ded78c5dca4dcc42d958). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in loopback-remark-cordelia-commitlint (npm)
Source: amazon-inspector (d03050b2cb2866d7de11164971c4591795fadadb14bdf9da6411cc366238b169). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dactyl-loopback-axios-lacerta (npm)
Source: amazon-inspector (94ef9b4077e3c6ce19e631255d57d1edaaaa35e2479ccaad486e1d3e0d6f9a3d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nanotechnology-ariel-atlas-loopback (npm)
Source: amazon-inspector (726ac8d50d2a6fb517f785829fa5c9a3f25bd010388eeaa6547b9f90cdc68a42). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176656
Malicious code in restart-apex-loopback-cors (npm)...
EUVD-2025-178089
Malicious code in link-loopback-hydrogeology-gacrux (npm)...