Malicious code in @sev-ui-verse/snackbar (npm)
The package @sev-ui-verse/snackbar was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f92a070917a547edd5e73a9b1b800cdd1d7e726e1886a712901dc3830d831abe Any computer that has this package installed or running should be considered full...
MAL-2025-47531 Malicious code in @sev-ui-verse/config-service (npm)
The package @sev-ui-verse/config-service was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 188aa603d30650e09cc52a7e6d86df9d9fa9e4bce6239596a6ee4a7a75a968bf Any computer that has this package installed or running should be considere...
Malicious code in postman-converters (npm)
The package postman-converters was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f892ed43c85774f667cf9303e6d7ca7d30763a23dc3c6bb4e2261954dfee9070 Any computer that has this package installed or running should be considered fully...
CVE-2025-20313
Cisco IOS XE Software contains multiple vulnerabilities that allow an authenticated local attacker with level-15 privileges or an unauthenticated attacker with physical access to execute persistent code at boot time and break the chain of trust. The issues stem from path traversal and improper im...
Cisco IOS XE Software Secure Boot Bypass Vulnerabilities
Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due...
Important: Red Hat Security Advisory: VolSync v0.13 security fixes and container updates
VolSync v0.13 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC52...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: cilium-cli, karpenter, regclient, libnvidia-container, terraform-provider-azapi, cis-operator, rancher, kube-bench, migrate, cluster-api, helm-push, nri-haproxy, headlamp, node-problem-detector, oauth2-proxy, contour, dex, kubernetes-csi-driver-nfs, docker-cli-buildx...
Security Bulletin: Vulnerabilities exist in IBM Netezza Performance Server Replication Services
Summary: Vulnerabilities that exist in IBM Netezza Performance Server Replication Services are addressed in 3.0.5.0. Vulnerability Details: CVEID: CVE-2023-44981. DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled ...
Malicious code in sha256-validation-xyz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d087a7f065c7d1c6612320e8fc3d19957b0768a27ea56d1c6849c32193941829 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cisco IOS XE Security Vulnerability
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper package...
Malicious code in tailwind-glass-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba68ec55869f324e11415be61a3a4240222a1807115709dc91804e63fad98452 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in dowload_ebok_grundkurs_kunstliche_intelligenz_by_wolfgang_ertel_r9sfy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94e9bffeeffbe35f94a97022a4515f12e36980b5cdb2152202cbe06899ed409a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: knative-eventing-fips, karpenter, blobfuse2, rancher-machine, kuberay-operator, nvidia-nsight-compute-12.8, prometheus-process-exporter, yace-fips, container-object-storage-interface, nemo, grafana-operator, terraform-provider-sendgrid-fips, cluster-api,...
f2fs: compress: fix to guarantee persisting compressed blocks by CP
...
AZL-67526 CVE-2025-39845 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_populate_kernel(). For 5-level paging,...
CVE-2025-39844
In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...
CVE-2025-39844 mm: move page table sync declarations to linux/pgtable.h
In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...
PT-2025-38552
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to page table synchronization when calling p*d_populate_kernel(). Specifically, the issue arises in systems utilizing 4-level paging and a substanti...
CVE-2023-53323
In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2_setsize when len is page aligned PAGE_ALIGN(x) macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in dax_zero_range...