Lucene search

6340 matches found

OSV
added 2025/07/25 12:14 p.m. | 3 views

MAL-2025-191819 Malicious code in prof-qu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f83d01100c725673d7685ad3e206d71bb2f18d371a452cd2927d1391ec02cf4 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

6.9 AI score
Exploits 0 | References 3
OSSF Malicious Packages
added 2025/07/25 12:13 p.m. | 3 views

Malicious code in prof-tgqu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b09993e94d1dee69b4930936d4673ec5c395ed5e5391d856efaad22326af39b8 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

7 AI score
Exploits 0 | References 3
OSV
added 2025/07/25 12:13 p.m. | 2 views

MAL-2025-191829 Malicious code in prof-tgqu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b09993e94d1dee69b4930936d4673ec5c395ed5e5391d856efaad22326af39b8 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

6.9 AI score
Exploits 0 | References 3
OSSF Malicious Packages
added 2025/07/25 12:7 p.m. | 4 views

Malicious code in prof-quotex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a38d66ab1d2bf34456ae2f07cb9600ea89efa8f16c3a48000b70746e5e950f25 Package silently exfiltrates user's credentials ahead of starting the promised functionality. First batch used simple code, the newer attempt to hide...

7 AI score
Exploits 0 | References 3
OSV
added 2025/07/24 8:1 a.m. | 9 views

USN-7651-5 linux-raspi-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

7.8 CVSS | 6.6 AI score | 0.00259 EPSS
Exploits 0 | References 118
OSV
added 2025/07/23 3:15 p.m. | 5 views

CVE-2025-6018

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present,...

7.8 CVSS | 5.8 AI score | 0.00957 EPSS
Exploits 13 | References 5
NVD
added 2025/07/23 3:15 p.m. | 5 views

CVE-2025-6018

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present,...

7.8 CVSS | 0.00957 EPSS
Exploits 13 | References 5
OSV
added 2025/07/22 1:27 p.m. | 8 views

USN-7651-4 linux-gcp, linux-gcp-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

7.8 CVSS | 6.6 AI score | 0.00259 EPSS
Exploits 0 | References 118
OSV
added 2025/07/22 7:35 a.m. | 7 views

USN-7651-3 linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

7.8 CVSS | 6.7 AI score | 0.00259 EPSS
Exploits 0 | References 118
OSV
added 2025/07/17 4:2 p.m. | 9 views

USN-7651-1 linux, linux-aws, linux-oem-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

7.8 CVSS | 6.6 AI score | 0.00259 EPSS
Exploits 0 | References 118
OSV
added 2025/07/16 12:34 p.m. | 3 views

SUSE-SU-2025:02331-1 Security update for erlang26

This update for erlang26 fixes the following issues: - CVE-2025-4748: Fixed improper limitation of a pathname to a restricted directory vulnerability in Erlang OTP stdlib modules that allowed absolute path traversal bsc1244642...

4.8 CVSS | 6.6 AI score | 0.00226 EPSS
Exploits 0 | References 3
SUSE Linux
added 2025/07/16 8:23 a.m. | 5 views

Security update for pam_pkcs11

This update for pam_pkcs11 fixes the following issues: Removes pam_env from auth stack for security reason bsc1243226. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed...

8.6 CVSS | 7.4 AI score | 0.00957 EPSS
Exploits 13 | References 4
CVE
added 2025/07/15 7:23 a.m. | 21 views

CVE-2025-7672

CrossEditor4 (JiranSoft) is affected by CVE-2025-7672 due to an improper default setting in API modules that can lead to Stored XSS. Affected versions are 4.0.0.01 through 4.6.0.23; exploitation could persist malicious scripts in user contexts. The issue is documented across multiple sources, inc...

4.3 CVSS | 6.5 AI score | 0.00204 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/07/15 7:23 a.m. | 4 views

CVE-2025-7672 Stored-XSS possibility in Namo CrossEditor4

The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix API modules potentially allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...

4.3 CVSS | 7 AI score | 0.00204 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/07/14 12:0 a.m. | 2 views

RHEL 8 : kpatch-patch-4_18_0-477_43_1, kpatch-patch-4_18_0-477_67_1, kpatch-patch-4_18_0-477_81_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 (RHSA-2025:10974)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10974 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

7.8 CVSS | 7.1 AI score | 0.0019 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/07/14 12:0 a.m. | 3 views

RHEL 9 : kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, kpatch-patch-5_14_0-427_55_1, and kpatch-patch-5_14_0-427_68_2 (RHSA-2025:10979)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10979 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

7.8 CVSS | 7.1 AI score | 0.0019 EPSS
Exploits 0 | References 4
Fedora
added 2025/07/12 1:46 a.m. | 8 views

[SECURITY] Fedora 42 Update: perl-5.40.2-518.fc42

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

5.9 CVSS | 5.5 AI score | 0.00368 EPSS
Exploits 0
OSV
added 2025/07/11 12:31 p.m. | 3 views

OESA-2025-1830 pam security update

PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: A vulnerability was found in Linux-PAM up to 1.7.0 and classified as critical. Using CWE to declare the problem leads to CWE-22. The product us...

7.8 CVSS | 7 AI score | 0.0039 EPSS
Exploits 0 | References 2
Microsoft CVE
added 2025/07/11 7:0 a.m. | 3 views

Linux-pam: linux-pam directory traversal

...

7.8 CVSS | 8.8 AI score | 0.0039 EPSS
Exploits 0
Packet Storm News
added 2025/07/11 12:0 a.m. | 4 views

SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH

We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...

7.4 AI score
Exploits 0