Linux Distros Unpatched Vulnerability : CVE-2025-40158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from...
MAL-2025-137645 Malicious code in utomo-kue63-sumpek (npm)
Source: amazon-inspector 0c3211dbf48501db8f45cf871e4e4545fa5163e5a4545a6bd3b3864ace9922f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain auto-publish scripts (auto.js, ...
rack: Rack's multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)
A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...
kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy', add gain range check to WARN instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux...
Malicious Package
Overview transform-es2015-block-scoping is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious Package
Overview supports-validation-checkerlib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious Package
Overview grumpy-squidward is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview vite-plugin-postcss-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @walletwave/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview read-async is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
CVE-2025-64509 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...
Malicious Package
Overview karemv1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Parameter-parsing Bypass
Rack is vulnerable to a parameter-parsing bypass. The vulnerability is due to Rack::QueryParser enforcing its params_limit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...
Malicious Package
Overview web-vitals-help is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @mts-ds/icons is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview le-front-monitor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview synqroomkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
[SECURITY] Fedora 43 Update: rust-get-size2-0.7.1-1.fc43
Determine the size in bytes an object occupies inside RAM...
Bugsink security vulnerability
Bugsink is a self-hosted bug tracking software from Bugsink Open Source. A security vulnerability exists in Bugsink versions prior to 2.0.6, which stems from a specially crafted Brotli compressed envelope that may lead to excessive CPU time consumption, possibly resulting in a denial of service...
Advisory ROSA-SA-2025-3048
Software: libxml2 2.9.7 OS: ROSA Virtualization 3.1 unaffected versions = libxml2-2.9.7-21.0.1.rv31.3 affected versions libxml2-2.9.7-21.0.1.1.rv31.3 CVE-ID: CVE-2016-3709 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to...