851 matches found

SUSE CVE
added 2025/09/17 11:27 p.m. (1 view)

SUSE CVE-2023-53364

In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: better fix null deref with partial DT. Two versions of the original patch were sent but V1 was merged instead of V2 due to a mistake. So update to V2. The advantage of V2 is that it completely avoids dereferenci...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00025
Exploits: 0 | References: 15
OSV
added 2025/09/17 3:15 p.m. (1 view)

DEBIAN-CVE-2023-53364

In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: better fix null deref with partial DT. Two versions of the original patch were sent but V1 was merged instead of V2 due to a mistake. So update to V2. The advantage of V2 is that it completely avoids dereferenci...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00025
Exploits: 0 | References: 1
CVE
added 2025/09/17 2:56 p.m. (16 views)

CVE-2023-53364

Technical details about CVE-2023-53364 are not publicly available in the provided documents; no affected products, impact, or fixes are specified here. Monitor for updates.

CVSS: 5.5 | AI score: 6 | EPSS: 0.00025
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2025/09/17 2:56 p.m. (2 views)

CVE-2023-53364

In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: better fix null deref with partial DT. Two versions of the original patch were sent but V1 was merged instead of V2 due to a mistake. So update to V2. The advantage of V2 is that it completely avoids dereferenci...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00025
Exploits: 0
OSV
added 2025/09/15 9:22 p.m. (2 views)

GHSA-9G9J-RGGX-7FMG simple-swizzle@0.2.3 contains malware after npm account takeover

Impact: On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker'...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00138
Exploits: 0 | References: 7
CVE
added 2025/09/15 7:19 p.m. (17 views)

CVE-2025-59330

The CVE-2025-59330 entry concerns the npm package error-ex. A phishing-driven takeover of its publishing account led to version 1.3.3 containing a malware payload that attempts to redirect cryptocurrency transactions from browser environments (e.g., MetaMask) to attacker addresses. Local/server/...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00138
Exploits: 0 | References: 5
OSV
added 2025/09/15 7:09 p.m. (2 views)

CVE-2025-59141 simple-swizzle@0.2.3 contains malware after npm account takeover

simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00138
Exploits: 0 | References: 7
OSV
added 2025/09/15 5:14 p.m. (3 views)

GHSA-MVH4-2CM2-6HPG Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter

Impact: A stored Cross-Site Scripting (XSS) vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...

CVSS: 4.1 | AI score: 5.7 | EPSS: 0.00041
Exploits: 0 | References: 6
Wordfence Blog
added 2025/09/15 4:26 p.m. (7 views)

Attackers Actively Exploiting Critical Vulnerability in Case Theme User Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00439
Exploits: 0
Tenable Nessus
added 2025/09/15 12:00 a.m. (1 view)

RHEL 9 : kpatch-patch-5_14_0-570_17_1 and kpatch-patch-5_14_0-570_39_1 (RHSA-2025:15798)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15798 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00135
Exploits: 8 | References: 6
Vulnrichment
added 2025/09/12 1:01 p.m. (2 views)

CVE-2025-59054 dstack has insecure LUKS2 persistent storage partitions that may be opened and used

dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for use as the /data mount. The guest will open t...

CVSS: 8.5 | AI score: 6.5 | EPSS: 0.00031
Exploits: 0 | References: 4
CVE
added 2025/09/12 1:16 a.m. (453 views)

CVE-2025-58754

CVE-2025-58754 affects Axios (Node.js) where, in versions prior to 0.30.2 and 1.12.0, processing a data: URL causes the Node http adapter to decode the entire payload into memory, bypassing maxContentLength/maxBodyLength, and return a synthetic 200 response. This can lead to unbounded memory allo...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00257
Exploits: 1 | References: 8 | Affected Software: 1
Tenable Nessus
added 2025/09/10 12:00 a.m. (2 views)

Linux Distros Unpatched Vulnerability : CVE-2024-27937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated us...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.06588
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m. (1 view)

EulerOS 2.0 SP12 : python-urllib3 (EulerOS-SA-2025-2055)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00079
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m. (2 views)

Linux Distros Unpatched Vulnerability : CVE-2024-27930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated us...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.00488
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2024-28188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Scheduler is a collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.0018
Exploits: 0 | References: 2
GitHub Security Blog
added 2025/09/09 7:22 p.m. (6 views)

OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

Impact: OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler an...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.02219
Exploits: 4 | References: 6 | Affected Software: 1
GitHub Security Blog
added 2025/09/08 8:45 p.m. (14 views)

Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Summary: The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00042
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/09/08 12:00 a.m. (2 views)

PT-2025-36460

CVE ID: CVE-2025-0003
Published: 2025-03-05T00:00:00.000Z
Severity: HIGH 8.8/10
Description: SQL injection vulnerability in the reporting module of Business Analytics Suite v4.5.0 allows authenticated users to execute arbitrary SQL commands.
Root Cause: Improper neutralization of special elements i...

CVSS: 7.3 | AI score: 8.2 | EPSS: 0.00031
Exploits: 0 | References: 3
OSV
added 2025/09/04 8:01 p.m. (1 view)

GHSA-WP3J-XQ48-XPJW podman kube play symlink traversal vulnerability

Impact: The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host BUT the attacker only controls the target...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.00086
Exploits: 0 | References: 34