Malicious Package

Overview @onlytoodles/crypto-jsa is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

SUSE CVE-2022-50643

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifscopyfilerange If the file is used by swap, before return -EOPNOTSUPP, should free the xid, otherwise, the xid will be leaked...

SUSE CVE-2022-50672

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has two issues: 1. The name allocated by devsetname is leaked. 2. The parent of device is not NULL, deviceunregister is called in...

SUSE CVE-2023-53791

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from exportrdev Commit a1d767191096 "md: use mddev-external to select holder in exportrdev" fix the problem that 'claimrdev' is used for blkdevgetbydev while 'rdev' is used for blkdevput...

EUVD-2025-201889

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence AI capabilities to the web browser. To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect...

CVE-2025-26487

Server-Side Request Forgery SSRF vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...

CVE-2025-41693 Authenticated Denial-of-Service via SSH

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...

Denial Of Service (DoS)

Apache Struts is vulnerable to Denial Of Service DoS. The vulnerability is due to a file leak in multipart request processing, where temporary files are not properly cleaned up, allowing attackers to trigger uncontrolled disk usage and exhaust server storage...

Malicious Package

Overview jsonify-errors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2025-40327 perf/core: Fix system hang caused by cpu-clock usage

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix system hang caused by cpu-clock usage cpu-clock usage by the async-profiler tool can trigger a system hang, which got bisected back to the following commit by Octavia Togami: 18dbcbfabfff "perf: Fix the POLLHUP...

EUVD-2023-60115

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from exportrdev Commit a1d767191096 "md: use mddev-external to select holder in exportrdev" fix the problem that 'claimrdev' is used for blkdevgetbydev while 'rdev' is used for blkdevput...

EUVD-2022-55713

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifscopyfilerange If the file is used by swap, before return -EOPNOTSUPP, should free the xid, otherwise, the xid will be leaked...

CVE-2025-42873 Denial of Service (DoS) in SAPUI5 framework (Markdown-it component)

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVE-2025-42873

SAPUI5 (and OpenUI5) packages include the markdown-it component with outdated third‑party libraries, enabling an infinite loop on specially malformed input. This DoS causes high CPU use and unresponsiveness by blocking the processing thread, with no confidentiality or integrity impact reported. N...

CVE-2023-53847

CVE-2023-53847 affects the Linux kernel usb-storage alauda subdriver. The root cause is alauda_check_media() using USB transfer data without verifying transfer success, risking uninitialized data usage; a related issue exists in alauda_get_media_status(). The fix adds a check for transfer success...

CVE-2023-53828

The CVE-2023-53828 entry describes a use-after-free in the Linux kernel Bluetooth HCI path when adding an advertising monitor. KSAN flagged the use-after-free in hci_add_adv_monitor() through a chain including msft_add_monitor_pattern(), msft_add_monitor_sync(), and msft_le_monitor_advertisement_...

DEBIAN-CVE-2022-50638

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch caused by bad boot loader inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extentsstatus.c:203! invalid opcode: 0000 1 PREEMP...

DEBIAN-CVE-2022-50643

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifscopyfilerange If the file is used by swap, before return -EOPNOTSUPP, should free the xid, otherwise, the xid will be leaked...