Malicious Package

Overview transform-async-to-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Reference-Free Spectral Analysis of EM Side-Channels for Always-On Hardware Trojan Detection

Always-on hardware Trojans HTs pose a critical risk to trusted microelectronics, yet most side-channel detection methods rely on unavailable golden references. We present a reference-free approach that combines time-frequency EM analysis with Gaussian Mixture Models GMMs. By applying Short-Time...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39890:...

MiracleLinux 9 : kernel-5.14.0-503.19.1.el9_5 (AXSA:2025-9562:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9562:06 advisory. kernel: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout CVE-2024-27399 kernel: bpf: Add BPFPROGTYPECGROUPSKB attach type enforcement in...

CVE-2020-17500

Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection issue 1 of 4. The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result i...

CVE-2021-2276

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite component: General Ledger Update Transform, Reports. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

MAL-2026-106 Malicious code in transform-decorators-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40378c47c2f0fa31a922a290a6ec2a2ea207ca9531f35ff004ee5b7a451e647b The package transform-decorators-legacy was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview transform-decorators-legacy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in transform-decorators-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40378c47c2f0fa31a922a290a6ec2a2ea207ca9531f35ff004ee5b7a451e647b The package transform-decorators-legacy was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-1376

Malicious code in transform-decorators-legacy npm...

CVE-2026-21675

iccDEV contains a Use After Free vulnerability in CIccXform::Create(), where the hint manager is deleted improperly. Affected versions are 2.3.1 and earlier; the issue is fixed in 2.3.1.1. This affects the iccDEV color-management library and could enable exploitation through improper object clean...

EUVD-2023-60531

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong put call...

PT-2025-54102

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong put call...

Malicious code in fe-cdnpath-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13874192d7e601e36b720701f234723f635197803d8895576ef83dd24ce26ac4 The package fe-cdnpath-transform was found to contain malicious code...

MAL-2025-192797 Malicious code in fe-cdnpath-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13874192d7e601e36b720701f234723f635197803d8895576ef83dd24ce26ac4 The package fe-cdnpath-transform was found to contain malicious code...

PT-2025-51675

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The crypto/zstd module contains a flaw where per-CPU streams can be freed multiple times, leading to a double-free issue. This occurs when multiple transform contexts tfms are allocated...

esm-dev 136 - Path Traversal

Exploit Title: esm-dev 136 - Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/esm-dev/esm.sh Software Link: https://github.com/esm-dev/esm.sh CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint :...

kernel: cifs: Fix oops due to uninitialised variable

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3inittransformrq to initialise buffer to NULL before calling netfsallocfolioqbuffer as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should...

📄 Craft CMS 5.0 Logic Flaw

A flaw in the Craft CMS image transform endpoint allows an unauthenticated attacker to trigger backend processing without prior authentication. While the original Metasploit module targeted remote code execution, this proof of concept does not execute code, does not write files, and does not inje...

CVE-2025-40215

No description is available for this CVE...