CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

rexml: REXML denial of service

A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excess cpu usage and given sufficiently large input this can affect program performance...

CVE-2025-68328 firmware: stratix10-svc: fix bug in saving controller data

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platformsetdrvdata and devsetdrvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...

Insider Threat: Hackers Paying Company Insiders to Bypass Security

A new report from Check Point Research reveals a growing trend of cyber criminals recruiting employees at banks, telecoms, and tech giants. Learn how hackers use the darknet and Telegram to offer payouts up to $15,000 for internal access to companies like Apple, Coinbase, and the Federal Reserve...

PT-2025-52725

Name of the Vulnerable Software and Affected Versions Marshmallow versions 3.0.0rc1 through 3.26.1 Marshmallow versions 4.0.0 through 4.1.1 Description Marshmallow, a library for converting complex objects to and from simple Python datatypes, contains a flaw in the Schema.loaddata, many=True...

CLSA-2025-1766232861 delve: Fix of CVE-2025-58183

rebuild with golang 1.25.3-1 to fix CVE-2025-58183 fix unbounded memory consumption when reading GNU pax 1.0 sparse files - fix failing tests for golang 1.25...

SUSE CVE-2024-29370

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

Malicious Package

Overview nmapchecker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview ddos-gacor-v2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview asdfgh33 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview baidu-tester is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CLSA-2025-1766137892 grafana: Fix of CVE-2025-58183

rebuild with golang 1.25.3-1 to fix CVE-2025-58183 fix unbounded memory consumption when reading GNU pax 1.0 sparse files...

Malicious Package

Overview yt-smm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview xvxx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview vdous is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview azaza is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview viktorparserctf8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview adk-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in usage-tracker-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8998ae7ec51b23bfdefe724e7c4bc34ad623362708f171a1c3ffcf4e98be15e0 The package usage-tracker-janus was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-204508

Malicious code in usage-tracker-janus npm...