HSEC-2024-0007 Sign extension error in the AArch64 NCG

Sign extension error in the AArch64 NCG Arithmetic operations may result in incorrect runtime results on the native aarch64 backend. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security...

[SECURITY] Fedora 42 Update: runc-1.3.3-1.fc42

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

SUSE CVE-2025-40120

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usbdriver flag is ineffective. O...

SUSE CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

PATCHEVAL: A New Benchmark for Evaluating LLMs on Patching Real-World Vulnerabilities

Software vulnerabilities are increasing at an alarming rate. However, manual patching is both time-consuming and resource-intensive, while existing automated vulnerability repair AVR techniques remain limited in effectiveness. Recent advances in large language models LLMs have opened a new paradi...

AZL-70316 CVE-2025-47913 affecting package cri-o 1.30.1-1

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVE-2025-40120

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usbdriver flag is ineffective. O...

Improper Input Validation

github.com/nyaruka/phonenumbers is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of syntactic correctness in the phonenumbers.Parse function, which allows an attacker to provide crafted input and cause a panic resulting in a “runtime error: slice...

EUVD-2025-175846

Malicious code in uglify-zeta-tree-delta-runtime npm...

EUVD-2025-176693

Malicious code in report-new-runtime-sun-user npm...

EUVD-2025-176578

Malicious code in runtime-promise-assert-async-serialize npm...

EUVD-2025-176577

Malicious code in runtime-short-fork-yaml-pipe npm...

EUVD-2025-176575

Malicious code in runtime-void-resolve-assert-public npm...

EUVD-2025-180124

Malicious code in bash-runtime-log-static-java npm...

EUVD-2025-179943

Malicious code in bundle-alert-runtime-private-bundle npm...

EUVD-2025-180010

Malicious code in book-earth-runtime-delta-chi npm...

EUVD-2025-177570

Malicious code in node-mu-private-new-runtime npm...

EUVD-2025-179593

Malicious code in container-async-awk-zeta-runtime npm...

EUVD-2025-178899

Malicious code in finally-function-boolean-refactor-runtime npm...

EUVD-2025-180013

Malicious code in book-boolean-runtime-grep-root npm...