EUVD-2025-198890

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

Malicious code in @posthog/gitub-star-sync-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4be422ec924addbeb23c34a8b3305835feb3d665ab57afdc1450734d0b10f5a4 The package @posthog/gitub-star-sync-plugin was found to contain malicious code. Source: google-open-source-security...

DEBIAN-CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

CVE-2025-40213

CVE-2025-40213 is a Linux kernel vulnerability in the Bluetooth MGMT subsystem. Root cause: stack-out-of-bounds in set_mesh_sync (memcpy from on-stack flexible array) and a crash in set_mesh_complete (double list_del). A fix uses DEFINE_FLEX for on-stack flexible arrays and prevents memcpy beyond...

CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

Fake calendar invites are spreading. Here’s how to remove them and prevent more

We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...

CVE-2025-41115 Incorrect privilege assignment

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...

kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in...

MAL-2025-188489 Malicious code in outercore-sync-fornax-lightyear (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9e2e853eda7b0af152340f61eb4696e8f76559b416699655d34aa888bfc5f7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189222 Malicious code in restart-warp-webdriver-mocha-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95bf93b3651fd9e5262e28a4c025dfe14338cabf906f3143dad4f1a1cf765f46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186530 Malicious code in delphinus-tool-sync-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 309471f78b1f61e3fba41e092a36d4ae761dc2439a6686d82cea711c93a982ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in init-venus-sync-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b6e40d812a9363fa5f719d89f8033b005cc387fbeadb50dac11ca6fcd9ba44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in standard-altair-izar-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7aa4728fd5bccd6fec6ad0f4459479b41c02571c837732ad3e92688a04eb9bf9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in standard-seismology-sync-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb0161e8e9100e0895c5f49e6260a519a05cbc55a4cb32eadbd60fe2619b257 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sync-taurus-cluster-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 187342dda72bcfd9fa9b7508990e5f40d3d2fc29ab165be4e68d0524f897b5b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176278

Malicious code in spawn-nova-antares-sync npm...

EUVD-2025-176233

Malicious code in standard-altair-izar-sync npm...