Malicious code in json-mapping-sources (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77824e69a815d8ac27a50bb52fa0a39fe2c7e512e6597d3aefd500b0eae847e8 The package json-mapping-sources was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview json-mapping-sources is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Litestar 安全漏洞

Litestar is a powerful, flexible, yet stubbornly opinionated ASGI framework developed by Litestar itself. Versions of Litestar prior to 2.20.0 contained security vulnerabilities. These vulnerabilities were caused by key conflicts in the caching key mapping mechanism, which could lead to cache...

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

CVE-2026-1974

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...

AlmaLinux 9 : kernel (ALSA-2026:1617)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1617 advisory. kernel: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing CVE-2025-38568 kernel: ASoC: Intel: bytcrrt5640: Fix invalid quirk input...

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

CVE-2025-13491

CVE-2025-13491 affects IBM App Connect Enterprise Certified Container. Affected: CD up to 12.19.0 and 12.0 LTS. Root cause: untrusted search path that could allow an attacker to access sensitive files or modify configurations; impact described as confidentiality/integrity concerns with low severi...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to remote code execution (CVE-2026-21226)

Summary Python module azure-core is present in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to remote code executiuon. This bulletin provides patch information to address the...

SUSE CVE-2026-23093

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dmaunmapsg nents The dmaunmapsg functions should be called with the same nents as the dmamapsg, not the value the map function returned...

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from a lack of boundary checks in the vpummap function of vpuioctl. This vulnerability may lead to arbitrary memory mapping, potentially...

CVE-2026-23097

In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then tries to acquire immaprwsemread lock. 2 Task 5754: Holds immaprwsemwrite lock, then tri...

CVE-2026-23097

In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then tries to acquire immaprwsemread lock. 2 Task 5754: Holds immaprwsemwrite lock, then tri...

CVE-2026-23109 fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes()

In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip ASNODATAINTEGRITY mappings in waitsbinodes Above the while loop in waitsbinodes, we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse,...

CVE-2026-23093 ksmbd: smbd: fix dma_unmap_sg() nents

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dmaunmapsg nents The dmaunmapsg functions should be called with the same nents as the dmamapsg, not the value the map function returned...

kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping

A flaw was found in the Linux kernel’s ASoC Intel bytcrrt5640 driver. When an invalid value is passed via the driver’s “quirk” input option, the driver merely logs an error and retains the invalid value, rather than correcting it. This can result in out-of-bounds OOB memory access...

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

Malicious code in json-mapping-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093c061d05775b657e0d7cd8c3473c81e17667c9f400d38dd2e95db3541bc622 The package json-mapping-source was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview json-mapping-source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...