Malicious code in izar-string-command-neutronstar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dbcaeebf03806cb0ef5c609388515b241112b004e88e71aeee348b374f64a76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175691

Malicious code in vortex-auth0-string-holography npm...

EUVD-2025-176182

Malicious code in string-container-benchmark-phi-cat npm...

EUVD-2025-177164

Malicious code in pino-remark-string-nestjs npm...

EUVD-2025-176075

Malicious code in tachyon-string-version-sequelize npm...

EUVD-2025-177788

Malicious code in mock-string-simple-final-data npm...

EUVD-2025-178324

Malicious code in izar-string-command-neutronstar npm...

EUVD-2025-178377

Malicious code in integer-slow-java-object-string npm...

EUVD-2025-176183

Malicious code in string-compile-module-benchmark-report npm...

CVE-2025-60686

ToToLink routers (A720R V4.1.5cu.614_B20230630; LR1200GB V9.1.0u.6619_B20230130; NR1800X V9.1.0u.6681_B20230703) contain a local stack-based buffer overflow in infostat.cgi and cstecgi.cgi. Both binaries parse /proc/net/arp using sscanf() with the %s specifier into fixed-size stack buffers withou...

Hitachi ABB AFS Use After Free (CVE-2023-0215)

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This plugin only works wi...

Phishing emails disguised as spam filter alerts are stealing logins

Cybercriminals are spoofing "email delivery" notifications to look like they came from spam filters inside your own organization. The goal is to lure you to a phishing site that steals login credentials—credentials that could unlock your email, cloud storage or other personal accounts. The email...

EUVD-2025-124945

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fscheckquotaconsistency syzbot reported a f2fs bug as below: Oops: gen 107.736417 T5848 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 ...

rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

An unsafe default behavior in Rack::QueryParser allows bypass of the paramslimit parameter count restriction when query string parameters are delimited by semicolons ; rather than ampersands &. The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...

kernel: afs: Fix merge preference rule failure condition

In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace1. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by...

kernel: team: better TEAM_OPTION_TYPE_STRING validation

In the Linux kernel, the following vulnerability has been resolved: team: better TEAMOPTIONTYPESTRING validation syzbot reported following splat 1 Make sure user-provided data contains one nul byte. 1 BUG: KMSAN: uninit-value in stringnocheck lib/vsprintf.c:633 inline BUG: KMSAN: uninit-value in...

kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of ofpropertyreadstringindex Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random...

CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp...

CVE-2025-64183

OpenEXR vulnerability CVE-2025-64183 affects the Python exposure PyOpenEXR_old.cpp: a use-after-free in PyObject_StealAttrString when retrieving attributes via PyObject_GetAttrString, returning a dangling PyObject*. This can be triggered in various reads (e.g., PixelType.v, Box2i, V2f) and is exp...

CVE-2025-64183 OpenEXR has use after free in PyObject_StealAttrString

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp...