CVE-2026-24888

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

TencentOS Server 3: aide (TSSA-2025:0793)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0793 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

EUVD-2025-24649

Malicious code in bioql PyPI...

SUSE CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

CVE-2025-54389

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

CVE-2025-54409

A flaw was found in AIDE. This vulnerability allows an attacker to crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user can exploit this issue to cause a local denial of...

AZL-66434 CVE-2025-54389 affecting package aide for versions less than 0.16-17

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVE-2025-54409 AIDE null pointer dereference when reading incorrectly encoded xattr attributes from database (local DoS)

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...

CVE-2025-54409

CVE-2025-54409 affects the AIDE intrusion detection tool. In AIDE

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...