CVE-2025-40120 net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usbdriver flag is ineffective. O...

CVE-2025-40120 net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usbdriver flag is ineffective. O...

EUVD-2025-124345

Malicious code in nodejs-quito-deimos-publish npm...

CVE-2025-42888

SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990852)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990852 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an...

Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages

The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly useful but are often incapable of dealing with obfuscated...

EUVD-2025-105252

Malicious code in finalshrimpz3n npm...

[SECURITY] Fedora 41 Update: dotnet8.0-8.0.121-1.fc41

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability

...

CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability

...

CVE-2025-59507

CVE-2025-59507 affects Windows Speech and is described in connected materials as a race-condition‑driven vulnerability in a Windows Speech component that enables local privilege escalation for an authorized user. The provided sources note an elevated-privileges impact but do not specify the exact...

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Semeru Java 17 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17 and is affected by multiple vulnerabilities CVE-2025-53057, CVE-2025-53066, CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761 and CVE-2025-30754. Vulnerability Details...

kernel: efi: Do not import certificates from UEFI Secure Boot for T2 Macs

In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmwa...

Windows Speech Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Speech allows an authorized attacker to elevate privileges locally...

Malicious code in nana-klipo75-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76250a16a4745a50662f42df310ba06ebc3e17fbfda817ba4ffe134e4ea02ad1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in putri-peyek30-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46295a3bf4f2603587c43488eebb8af1aba319bf63055b7c5a2afafedee4457c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

[SECURITY] Fedora 42 Update: dotnet8.0-8.0.121-1.fc42

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

CVE-2025-42888

SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability...

SUSE CVE-2025-40108

In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 "serial: qcom-geni: Enable PM runtime for serial driver" and its dependent commit 86fa39dd6fb7 "serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms" becaus...

SUSE-SU-2025:4006-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. changed: Account Hub is now disabled by default for second email account bmo1992027 changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 bmo1952100 fixed: Users could not read mail...