2286 matches found
Malicious code in w11k-select-ngx-adapter (npm)
The package w11k-select-ngx-adapter was found to contain malicious code...
Malicious code in ui-select-infinity-master (npm)
The package ui-select-infinity-master was found to contain malicious code...
brick (=0.0.0), brick-node (>=0.0.8 <=0.0.17) +30 more potentially affected by unknown CVE via show-help (>=0.0.0 <=2.0.1)
show-help NPM version =0.0.0, =0.0.8, =0.0.0, =0.0.5, =0.0.0, =0.0.0, =0.0.7, =0.0.9, =1.1.0, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-33162...
change-object (=0.0.0), cli-qa (=2.0.0) +7 more potentially affected by unknown CVE via run-serially (=0.0.0)
run-serially NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on run-serially and may be impacted: - change-object =0.0.0 - cli-qa =2.0.0 - comma-list =0.0.0 - fd-select =1.0.0 - frp-tick =1.0.0 - innkeeper =1.0.4 - limited-parallel-loop...
MAL-2025-38726 Malicious code in w11k-select-ngx-adapter (npm)
The package w11k-select-ngx-adapter was found to contain malicious code...
MAL-2025-19215 Malicious code in edc-ng2-select (npm)
The package edc-ng2-select was found to contain malicious code...
CVE-2025-8934 1000 Projects Sales Management System sales.php cross site scripting
A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
Linux Distros Unpatched Vulnerability : CVE-2020-25815
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...
Linux Distros Unpatched Vulnerability : CVE-2025-37840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: rawnand: brcmnand: fix PM resume warning Fixed warning on PM resume as shown below caused due to uninitialized struct nand_operation that checks chip selec...
Django: SQL Injection when using FilteredRelation
A SQL injection vulnerability was discovered in the Django framework when using the FilteredRelation feature. The vulnerability was located in the tests/filteredrelation/tests.py file. The vulnerability allowed an attacker to inject malicious SQL code through the userdata parameter used in the...
Linux Distros Unpatched Vulnerability : CVE-2025-3469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is...
@toptal/picasso (>=51.0.0 <=54.1.4-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0), @toptal/picasso-autocomplete (>=5.0.0 <=5.2.13-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0) +6 more potentially affected by unknown CVE via @toptal/picasso-select (>=4.0.0 <=4.1.9)
@toptal/picasso-select NPM version =4.0.0, =51.0.0, =5.0.0, =1.0.49, =73.0.0, =5.0.1, =7.2.7, =17.0.0, =3.0.0, =3.3.13-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-6061...
CVE-2025-5524 OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag
The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above,...
SUSE CVE-2025-38081
In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...
DEBIAN-CVE-2022-50088
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init damon_reclaim_init allocates a memory chunk for ctx with damon_new_ctx. When damon_select_ops fails, ctx is not released, which will lead to a memory leak. We should relea...
UBUNTU-CVE-2022-50088
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init damon_reclaim_init allocates a memory chunk for ctx with damon_new_ctx. When damon_select_ops fails, ctx is not released, which will lead to a memory leak. We should relea...
CVE-2025-38081
In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...
AZL-70307 CVE-2025-38081 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...
DEBIAN-CVE-2025-38081
In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...
AZL-63944 CVE-2025-38081 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense...