428 matches found
EUVD-2025-26059
Malicious code in bioql PyPI...
EUVD-2023-12353
Malicious code in bioql PyPI...
EUVD-2022-50089
Malicious code in bioql PyPI...
SUSE CVE-2023-53507
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink params in case interface is down Currently, in case an interface is down, mlx5 driver doesn't unregister its devlink params, which leads to this WARN[1]. Fix it by unregistering devlink params in that...
CVE-2023-53507 net/mlx5: Unregister devlink params in case interface is down
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink params in case interface is down Currently, in case an interface is down, mlx5 driver doesn't unregister its devlink params, which leads to this WARN[1]. Fix it by unregistering devlink params in that...
Ubuntu 24.04 LTS / 25.04 : Rack vulnerability (USN-7784-1)
The remote Ubuntu 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7784-1 advisory. It was discovered that Rack incorrectly handled limiting the amount of parameters. An attacker could possibly use this issue to bypass the params_limit...
GHSA-625H-95R8-8XPM Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
Summary Rack::QueryParser in version 2.2.18 enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...
UBUNTU-CVE-2023-53252
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync hci_update_accept_list_sync iterates over hdev->pend_le_conns and hdev->pend_le_reports, and waits for controller events in the loop body, without holding hdev lock...
CVE-2023-53252 Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync hci_update_accept_list_sync iterates over hdev->pend_le_conns and hdev->pend_le_reports, and waits for controller events in the loop body, without holding hdev lock...
CVE-2023-53252
The CVE-2023-53252 entry applies to the Linux kernel Bluetooth stack. The vulnerability arises in hci_update_accept_list_sync where hci_conn_params/hci_sync lists are iterated while the lists can be modified (e.g., by le_scan_cleanup) without holding the device lock, risking an invalid list curso...
CVE-2023-53147
The CVE-2023-53147 entry maps to a Linux kernel vulnerability in the IPsec XFRM subsystem: a NULL pointer dereference via xfrm_new_ae that could crash the kernel. The root cause is a missing NULL check when updating AE parameters; xfrm_update_ae_params could dereference a NULL x->replay_esn/x-...
CVE-2023-53147 xfrm: add NULL check in xfrm_update_ae_params
In the Linux kernel, the following vulnerability has been resolved: xfrm: add NULL check in xfrm_update_ae_params Normally, x->replay_esn and x->preplay_esn should be allocated at xfrm_alloc_replay_state_esn... in xfrm_state_construct..., hence the xfrm_update_ae_params... is okay to update them. However, the...
Linux Distros Unpatched Vulnerability : CVE-2023-31973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug...
CVE-2025-34162 Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input i...
Linux Distros Unpatched Vulnerability : CVE-2020-21686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service v...
CVE-2025-57773
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2016-6525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service crash or execute...
Malicious code in join-params (npm)
The package join-params was found to contain malicious code...
declarative-js (>=0.0.0 <=0.0.2) potentially affected by unknown CVE via join-params (=0.0.0)
join-params NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on join-params and may be impacted: - declarative-js =0.0.0, =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-23839...
MAL-2025-23839 Malicious code in join-params (npm)
The package join-params was found to contain malicious code...