13146 matches found
Malicious Package
Overview @vietmoney/react-big-calendar is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @vietmoney/react-native-image-transformer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview @vietmoney/react-native-action-button is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
[SECURITY] Fedora 42 Update: duc-1.4.6-1.fc42
Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...
SUSE CVE-2022-50867
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage. adreno_show_object() is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/kvfree. Which means the data passed to it...
SUSE CVE-2023-54179
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound. Klocwork reports array 'vha->host_str' of size 16 may use index values 16..19. Use snprintf instead of sprintf...
SUSE CVE-2023-54259
In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow. This reverts commit 443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()"). Change calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync(). This fixes a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992815)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992815 advisory. In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed. With cgroup v2, the cpuset's...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992753)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992753 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix buffer overflow in debugfs. There are two issues here: 1) The len variable needs to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992755)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992755 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound. Raw packet from PF_PACKET socket ontop of an...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992980)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992980 advisory. In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993208)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993208 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get() before dev_queue_xmit(). syzbot is able to crash hosts [1], using llc and devices...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993273)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993273 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: zynq: Fix refcount leak in zynq_get_revision. of_find_compatible_node() returns a node pointer...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992757)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992757 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs. In clcdfb_of_init_display(), we should call of_node_put()...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992749)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992749 advisory. In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesse...
CVE-2025-69257 theshit vulnerable to unsafe loading of user-owned Python rules when running as root.
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...
CVE-2025-65925
An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...
Malicious Package
Overview nbugs-video is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview chai-promised-chains is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview vscode-azure-mcp-server is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...