tRPC 安全漏洞

tRPC is a TypeScript framework for building type-safe APIs from the tRPC community. A security vulnerability exists in tRPC versions prior to 10.45.3 and prior to 11.8.0, which stems from a prototype contamination in the formDataToObject function that could lead to authorization bypass or denial ...

EUVD-2025-18585

Malicious code in bioql PyPI...

SUSE CVE-2025-38068

In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the...

Out of bounds access in public safe API

Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...

PT-2025-25842

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A compression buffer overrun issue has been identified in the Linux kernel's LZO compression code. Unlike the decompression code, the compression code did not check for output overruns,...