MAL-2025-32504 Malicious code in rssboard (npm)
The package rssboard was found to contain malicious code...
SUSE SLES12 Security Update : tiff (SUSE-SU-2025:02771-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02771-1 advisory. - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c bsc1247108 - CVE-2025-8177: Fixed possible buffer overflow in...
Linux Distros Unpatched Vulnerability : CVE-2025-38345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination an...
Linux Distros Unpatched Vulnerability : CVE-2022-50103
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sched, cpuset: Fix dl_cpu_busy panic due to empty cs->cpus_allowed With cgroup v2, the cpuset's cpus_allowed mask can be empty indicating that the cpuset will just u...
Linux Distros Unpatched Vulnerability : CVE-2021-46970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue A recent change created ...
Linux Distros Unpatched Vulnerability : CVE-2025-22024
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a...
Linux Distros Unpatched Vulnerability : CVE-2024-40949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio When testing shmem...
Linux Distros Unpatched Vulnerability : CVE-2023-38430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read. CVE-2023-38430...
Linux Distros Unpatched Vulnerability : CVE-2022-50035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex If amdgpu_cs_vm_handling returns r != 0,...
Linux Distros Unpatched Vulnerability : CVE-2025-23154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix io_req_post_cqe abuse by send bundle 114.987980 T5313 WARNING: CPU: 6 PID: 531...
Linux Distros Unpatched Vulnerability : CVE-2025-22057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: decrease cached dst counters in dst_release Upstream fix ac888d58869b net: do not delay dst_entries_add in dst_release moved decrementing the dst count from...
CVE-2023-32255
CVE-2023-32255 affects the Linux kernel ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion. The provided connected documents (NVD, OSV entries, and vendor advisories) confirm this beha...
CVE-2025-41396
A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...
GHSA-652X-M2GR-HPPM OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0
The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...
CVE-2023-2593
CVE-2023-2593: Linux kernel vulnerability in TCP connection handling causes memory not released after its lifetime, enabling unauthenticated network-based denial-of-service. Severity listed as CVSS v3.1 Base Score 5.9 (Medium); attack vector: NETWORK, user interaction: NONE, privileges required: ...
PT-2025-31307 · Apple · Macos Ventura +4
Name of the Vulnerable Software and Affected Versions: iPadOS versions prior to 17.7.9 macOS Sequoia versions prior to 15.6 macOS Sonoma versions prior to 14.7.7 macOS Ventura versions prior to 13.7.7 Description: A logging issue existed due to insufficient data redaction. This allowed an...
CVE-2025-8283 Netavark: podman: netavark may resolve hostnames to unexpected hosts
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...
CVE-2025-54527
CVE-2025-54527 affects JetBrains YouTrack. The issue is an improper iframe configuration in the widget sandbox that allows popups to bypass security restrictions. Affects YouTrack versions prior to 2025.2.86935 and includes 2025.2.86935, 2025.2.87167, 2025.3.87341, and 2025.3.87344. The Red Hat/R...
CVE-2025-38472
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: exception RIP: nfctdeletefromlists+172 .. 7...
FreeBSD : Mozilla -- cookie shadowing (5abc2187-685e-11f0-a12d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5abc2187-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Setting a nameless cookie with an equals sign in the value shadowed other...