EUVD-2022-2082

Malicious code in bioql PyPI...

EUVD-2025-8116

Malicious code in bioql PyPI...

EUVD-2024-22351

Malicious code in bioql PyPI...

EUVD-2022-0983

Malicious code in bioql PyPI...

EUVD-2023-56944

Malicious code in bioql PyPI...

EUVD-2023-24178

Malicious code in bioql PyPI...

EUVD-2022-1574

Malicious code in bioql PyPI...

EUVD-2023-49299

Malicious code in bioql PyPI...

EUVD-2025-16387

Malicious code in bioql PyPI...

EUVD-2025-28070

Malicious code in bioql PyPI...

RLSA-2025:7592 Important: yggdrasil security update

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fixes: yggdrasil: Local privilege escalation in yggdrasi...

Avoid Using Programs Labeled unconfined_service_t

The purpose of setting the unconfinedservicet label for SELinux is to enable some third-party service processes not configured with SELinux policies to run without restrictions. By default, when systemd runs a third-party application whose label is bint or usrt generally located in directories su...

CVE-2025-34204 Vasion Print (formerly PrinterLogic) Processes Running as Root Inside Docker Instances

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments contains multiple Docker containers that run primary application processes for example PHP workers, Node.js servers and custom binaries as the root user. This increases the blast radius of a containe...

CVE-2025-37128

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

VulnCheck KEV: CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...

CVE-2025-37128

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

CVE-2025-37128

CVE-2025-37128 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways web API. The vulnerability could allow an authenticated remote attacker to terminate arbitrary running processes, potentially disrupting system operations and causing an unstable state. Reports in multiple sources note fixes/...

CVE-2025-37128 Authenticated Arbitrary Process Termination allows potential System Disruption in ECOS

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

Chaos Controller Manager is vulnerable to OS command injection

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...