Malicious code in iv-bloomfilter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7f2a3b58036e1174efe383ee906172b07f9ddc3410d913e51b4e614f9ff09ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4192 Malicious code in iv-stubborn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b8934157781e3457974f0609c54f14503424c9077b316f2e8e843e454989922 On npm install, both preinstall and postinstall lifecycle hooks execute index.js, which collects the installer's hostname, all non-internal network...

Malicious Package

Overview @limebike/supreme is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-4186 Malicious code in @doctolib-apps/native-personalized-services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac2da4b8de2ea081f8fe7b84ef6182ab363616dc0515aaa03368bcba4a4b8e76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4191 Malicious code in iv-bloomfilter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7f2a3b58036e1174efe383ee906172b07f9ddc3410d913e51b4e614f9ff09ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @limebike/frontend-core-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...

MAL-2026-4187 Malicious code in @limebike/frontend-core-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...

Malicious code in @limebike/supreme-date-pickers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c82e94fac384ea6891e5aea99635ab429663e321502acbbc9eaaf81864e0d5e On npm install, both preinstall and postinstall hooks execute index.js, which collects the installer's hostname, all non-internal network interface I...

Malicious code in @limebike/supreme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f65cdcb27200e24464982c0678d9dd556342d53886e4d5378da5d9c664fe1c7 Both preinstall and postinstall lifecycle hooks in package.json execute index.js, which collects the installer's hostname, non-internal network...

Malicious code in wallet-backup-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3537e19be49ba9b1222856a7df147f5751a129e0b9eac69158467e21c0a1755a Package presents itself as a 'Community Security Alliance' MCP server for verifying cryptocurrency wallet backups, but performs three concrete...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: removed BUGON functions in addnewfreespace In addnewfreespace, there are BUGON functions that are used to handle any failures in adding free space to the in-memory free space cache. Such failures are mostly due to ENOME...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “dm btree remove”: Assign “newroot” only when the removal succeeds. The “removeraw” function in “dmbtreeremove” may fail due to IO read errors e.g., failure to read the content of the origin block during shadowing. Additionally,...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also be processed by calling dput; otherwise, memory leaks will occur over time. To simplify things,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: dpaa2-switch: Fixed a memory leak in dpaa2switchaclentryadd and dpaa2switchaclentryremove. The cmdbuff needs to be freed when an error occurs in dpaa2switchaclentryadd and dpaa2switchaclentryremove...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double-free caused by devm The clock obtained through devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clkdisableunprepare in th...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fixed a use-after-free in acpiutcopyipackagetoipackage. There is a use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpiutremovereference+0x3b/0x82 Reading of size 1 at addr ffff888112afc460 by task...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Firewire: ohci: prevents leakage of leftover IRQs when unbinding The commit 5a95f1ded28691e6 “Firewire: ohci: uses a devres for the requested IRQ” also removed the call to freeirq in pciremove. This resulted in a leftover IRQ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: The uncached inode fails to enter the group. Syzbot has reported the following BUG: Kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clkdisable from mtkiommuremove. After the commit b34ea31fe013 “iommu/mediatek: Always enable the clk on resume”, the iommu clock is controlled by the runtime callback. Therefore, clkdisable was removed from...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of platform device leakage during module removal. Avoid resetting the i8042platformdevice pointer across modules in i8042probe or i8042remove, so that the device can be properly destroyed by i8042ex...