Malicious code in code-processor (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-41302 Malicious code in knowledge-processor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 10486375c2c8f9c47bdb66e84e96db62dd623c210713201b53ebd516834bf3e6 The OpenSSF Package Analysis project identified 'knowledge-processor' @ 99.0.9 npm as malicious. It is considered malicious because: - The packa...

Malicious code in knowledge-processor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 10486375c2c8f9c47bdb66e84e96db62dd623c210713201b53ebd516834bf3e6 The OpenSSF Package Analysis project identified 'knowledge-processor' @ 99.0.9 npm as malicious. It is considered malicious because: - The packa...

CVE-2011-10025

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structur...

CVE-2025-38640

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nfhookrunbpf. syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in bpfprogrun fails, triggering the splat below. 0 Let's use...

CVE-2025-38675 xfrm: state: initialize state_ptrs earlier in xfrm_state_find

In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize stateptrs earlier in xfrmstatefind In case of preemption, xfrmstatelookat will find a different pcpuid and look up states for that other CPU. If we matched a state for CPU2 in the statecache while the look...

CVE-2025-38670

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

CVE-2025-38670 arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

CVE-2025-38640

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nfhookrunbpf. syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in bpfprogrun fails, triggering the splat below. 0 Let's use...

CVE-2025-38640 bpf: Disable migration in nf_hook_run_bpf().

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nfhookrunbpf. syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in bpfprogrun fails, triggering the splat below. 0 Let's use...

USN-7711-1 linux-azure vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...

SUSE CVE-2025-22840

Sequence of processor instructions leads to unexpected behavior for some IntelR XeonR 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2025-57751

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

CLSA-2025-1755791708 Update of linux-firmware

Addition AMD CPU microcode for processor family 0x19: cpuid:0x00A70FC0ver:0x0A70C005, cpuid:0x00A70F52ver:0x0A705206, cpuid:0x00A00F82ver:0x0A00820C, cpuid:0x00A40F41ver:0x0A404107, cpuid:0x00A70F80ver:0x0A708007, cpuid:0x00A20F10ver:0x0A20102D, cpuid:0x00A70F41ver:0x0A704107,...

jshERP 安全漏洞

jshERP Huaxia ERP is a homegrown ERP system by the personal developer of Ji Sheng Hua in China. A security vulnerability exists in jshERP version v3.5, which stems from improper access control in the PersonController.java component and could lead to access to processor information...

pyLoad 资源管理错误漏洞

pyLoad is a free open source download manager written in Python by pyLoad Open Source. A resource management error vulnerability exists in pyLoad that stems from insufficient validation of the jk parameter, which could lead to excessive server CPU usage...

Linux Distros Unpatched Vulnerability : CVE-2023-26044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a...

CVE-2011-10025

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structur...

CVE-2011-10025 Subtitle Processor 7.7.1 .m3u SEH Unicode Buffer Overflow

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structur...