29000 matches found
CVE-2025-9223
Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection due to improper configuration in the execute program action feature...
EUVD-2025-124960
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp function within the Linux kernel's BPF subsystem. This...
CVE-2025-40123
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp function within the Linux kernel's BPF subsystem. This...
CVE-2025-40169 bpf: Reject negative offsets for ALU ops
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the check_alu_op function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check...
CVE-2025-40123
CVE-2025-40123 affects the Linux kernel BPF tailcalls in the BPF subsystem. A fuzzer found an uninitialized pointer in bpf_prog_test_run_xdp() leading to a NULL pointer dereference when a BPF program accesses txq in an xdp_buff, depending on the program’s expected_attach_type. The root cause is m...
CVE-2025-40123 bpf: Enforce expected_attach_type for tailcall compatibility
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp function within the Linux kernel's BPF subsystem. This...
Malicious code in dagda-jabbah-xenos-dactyl (npm)
Source: amazon-inspector 4678aea84d3e17daf26a71a1227863e69cfc430bb5d394a840da880b8ae787a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cassini-hexo-buffer-altair (npm)
Source: amazon-inspector 060271c2db1d4a1038098a84e59d8e87c5b7e3fbbbc7aed1148d0a49196c04c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jsonp-nightmare-leda-rollup (npm)
Source: amazon-inspector d3fbe40f02d657a7917d90b09bc7249a176e5ee2697ec8b356d4d57be89d66fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in link-csrf-cressida-achernar (npm)
Source: amazon-inspector a03b5bb903e9590aaaa21b6b9e954bb7d9b7ff7cd16f69072646e6f56f766945 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in perseus-semantic-ui-publish-local (npm)
Source: amazon-inspector b71fb1de6b922a4162887d97be7ff4e0e59a478a124163c67f61a729dd21dade This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in prettier-plugin-markdown-mira-rollup-plugin-slides (npm)
Source: amazon-inspector c59df9e16b1d88777561b0576f22280225530cc5984f4353928fdfe3d86100d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vulcan-browserify-non-blocking-relay (npm)
Source: amazon-inspector 44f75a901684e76d93228851b85ee37e80b481a39a673e1769eefa38f79d23ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in antd-solis-rehype-levels (npm)
Source: amazon-inspector fc6c2e86ed9bc0b6fa4dd7b9bbd2972e683c9e48b1caddf8cf4c85d9304f02d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144706 Malicious code in markdown-pdf-restart-scripts-yaml (npm)
Source: amazon-inspector a9f3e2a159afb43d6be262f04344aa545c34ee9ffaac9abbed05a6f0c951a763 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144139 Malicious code in kaus-cluster-superagent-slidev (npm)
Source: amazon-inspector e520fa894f85dcf5047f8f11da6df83734d4f0e4807024182938c2148739a349 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139786 Malicious code in avior-solis-grus-run-script (npm)
Source: amazon-inspector 7e1bdfdc7bb97c3e6f4552241ddd6ae1a7be05ef2b820b1547391c9765a70c08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-141275 Malicious code in cross-env-umbriel-pyxis-nashira (npm)
Source: amazon-inspector 5c7db902ee42dec10db64f6cd600074b6ceff82d76ba90373dce81b04e3ba617 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139022 Malicious code in spare-chocolate-gull (npm)
Source: amazon-inspector 65a627c45b9b21cff9b80758c834e1de92978da4843201f45e2f092cf4d86227 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the BPF verifier not properly rejecting negative offsets in ALU operations, which could lead to the execution o...