7896 matches found
CVE-2025-6175
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...
Malicious code in supersafecalc (PyPI)
Source: kam193 (7e6f4c47c6eaf1976109a771b78c82dbda4409960e11301f85bf120add36b78c). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in treeherder-submitter (PyPI)
Source: kam193 (62f372bfa72908a63c289d80e0133c9e6a34732dc8e051ba7be3be89ecc01383). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2025-191751 Malicious code in hello-from-shiphero (PyPI)
Source: kam193 (00eb05ac59ee167606a053bd1ac9f705de178f9a576e6fe78bae415d599157b1). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
CVE-2025-38421
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations. If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev->buf was freed but never set to NULL and is again...
D-Link DIR-513 Buffer Overflow Vulnerability (CNVD-2025-16670)
The D-Link DIR-513 is a wireless router device manufactured by D-Link. A buffer overflow vulnerability exists in the D-Link DIR-513 version 1.0, which originates from improper handling of the curTime parameter in the sprintf function of the /goform/formLanSetupRouterSettings file in the Boa...
Logwatch 7.13
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems...
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
Summary: Log output includes authentication token that provides full account access. Details: The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854). CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238920). CVE-2024-53214: vfio/pc...
PT-2025-37209
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the ath12k driver related to the handling of TID (Transmit Identifier) cleanup during setup failures. If an error occurs during ath12k dp rx peer...
Malicious code in blabutt (PyPI)
Source: kam193 (258dbe10b138b170391a1beecc464e618b85c47192f558a737105ef3525948ad). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Apache Tomcat Resource Management Error Vulnerability (CNVD-2025-16618)
Apache Tomcat is a lightweight web application server from the Apache Foundation (United States), used to implement Servlet and JavaServer Page (JSP) support. Apache Tomcat has a Resource Management Error vulnerability that originates from an HTTP/2 client not acknowledging the initial setu...
Malicious code in testcatplzignore (PyPI)
Source: kam193 (c3cde630e4fbb39749856eccaa8f1afb813c865152bcf6d2eb0a639f71f2b4cb). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2025-191893 Malicious code in testcatplzignore (PyPI)
Source: kam193 (c3cde630e4fbb39749856eccaa8f1afb813c865152bcf6d2eb0a639f71f2b4cb). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Exploit for CVE-2025-23167
CVE-2025-23167 – Node.js HTTP Request Smuggling Exploit Worki...
Malicious code in paradox-pydevdeps (PyPI)
Source: kam193 (ffb02e4aaa239e465a9365307dc9f04e5d881cc9f56bd34a1112ce87db7998bc). Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
MAL-2025-191811 Malicious code in paradox-pydevdeps (PyPI)
Source: kam193 (ffb02e4aaa239e465a9365307dc9f04e5d881cc9f56bd34a1112ce87db7998bc). Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
kernel: um: Fix out-of-bounds read in LDT setup
A vulnerability was found in the Linux kernel's user mode (um) subsystem, specifically within the Local Descriptor Table (LDT) setup functionality. The issue arises from the syscall_stub_data function misinterpreting the data_count parameter as a byte count rather than a count of longs, leading to an...
Malicious code in package-346234294 (PyPI)
Source: kam193 (c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39). Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. Category:...