6 matches found
GHSA-Q926-C743-49QJ Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning
Summary: Centrifugo supports a configuration flag insecure_skip_token_signature_verify that completely disables JWT signature verification. When enabled, Centrifugo accepts any JWT token regardless of signature validity — including tokens signed with wrong keys, random signatures, or no signature at...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989909)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989909 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier. After enabling CONFIG_SCHED_CORE landed during 5.1...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986583)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986583 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier. After enabling CONFIG_SCHED_CORE landed during 5.1...
EUVD-2025-29501
Malicious code in bioql PyPI...
GHSA-PH6W-F82W-28W6 Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...