
13360 matches found

CVE
added 2025/11/13 1:0 p.m. | 14 views

CVE-2025-12763

CVE-2025-12763 affects pgAdmin 4 versions up to 9.9 on Windows, where a command-injection vulnerability is caused by using shell=True during backup/restore operations, enabling an attacker to execute arbitrary system commands via crafted file paths. Multiple independent sources note this can lead...

8.8 CVSS | 7.6 AI score | 0.00737 EPSS
Exploits 0 | References 1 | Affected Software 1

Snyk
added 2025/11/13 4:52 a.m. | 3 views

Malicious Package

Overview: @walletify/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 2

Snyk
added 2025/11/13 4:52 a.m. | 2 views

Malicious Package

Overview: @walletify/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 2

Snyk
added 2025/11/13 4:49 a.m. | 1 view

Malicious Package

Overview: vite-chunk-master is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits 0 | References 2

Microsoft CVE
added 2025/11/13 1:2 a.m. | 5 views

smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().

...

7 AI score | 0.0015 EPSS
Exploits 0

EUVD
added 2025/11/13 12:30 a.m. | 1 view

EUVD-2025-150395

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

5.8 AI score | 0.00179 EPSS
Exploits 0 | References 7

OSV
added 2025/11/13 12:11 a.m. | 5 views

GHSA-RRX3-2X4G-MQ2H Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)

Impact: In affected versions, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript, Mobile Apps). Patches: Patched in Bugsink 2.0...

7.5 CVSS | 6.3 AI score | 0.00279 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2025/11/13 12:0 a.m. | 8 views

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2024-28182)

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

5.3 CVSS | 6.9 AI score | 0.8496 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Initialization of a Resource with an Insecure Default (CVE-2024-56433)

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by...

3.6 CVSS | 6.5 AI score | 0.004 EPSS
Exploits 0 | References 3

OSV
added 2025/11/12 10:15 p.m. | 6 views

DEBIAN-CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

5.2 AI score | 0.00179 EPSS
Exploits 0 | References 1

NVD
added 2025/11/12 10:15 p.m. | 10 views

CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

0.00179 EPSS
Exploits 0 | References 6

OSV
added 2025/11/12 10:15 p.m. | 14 views

UBUNTU-CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

5.7 AI score | 0.00179 EPSS
Exploits 0 | References 38

Debian CVE
added 2025/11/12 9:56 p.m. | 3 views

CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

5.2 AI score | 0.00179 EPSS
Exploits 0

Cvelist
added 2025/11/12 9:56 p.m. | 10 views

CVE-2025-40179 ext4: verify orphan file size is not too big

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

0.00179 EPSS
Exploits 0 | References 6

CVE
added 2025/11/12 9:56 p.m. | 20 views

CVE-2025-40179

CVE-2025-40179 concerns the Linux kernel’s ext4 filesystem. The issue arises from how orphan files are replayed: an orphan file can be arbitrarily large, and replay requires traversing it and pinning its buffers in memory, which can lead to excessive memory consumption on filesystems with very la...

5.9 AI score | 0.00179 EPSS
Exploits 0 | References 6

OSV
added 2025/11/12 9:56 p.m. | 3 views

CVE-2025-40179 ext4: verify orphan file size is not too big

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

6.2 AI score | 0.00179 EPSS
Exploits 0 | References 9

EUVD
added 2025/11/12 6:31 p.m. | 3 views

EUVD-2025-131921

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6 CVSS | 6.1 AI score | 0.00397 EPSS
Exploits 0 | References 4

Snyk
added 2025/11/12 5:44 p.m. | 2 views

Denial of Service (DoS)

Overview: github.com/dvsekhvalnov/jose2go is a pure Golang (Go) library for generating, decoding and encrypting JSON Web Tokens. Zero dependency, relies only on standard library. Affected versions of this package are vulnerable to Denial of Service (DoS) via the processing of crafted JSON Web Encrypti...

8.7 CVSS | 6.7 AI score | 0.00236 EPSS
Exploits 1 | References 2

OSV
added 2025/11/12 5:15 p.m. | 2 views

UBUNTU-CVE-2025-59089

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

5.9 CVSS | 6 AI score | 0.00453 EPSS
Exploits 0 | References 9

OSSF Malicious Packages
added 2025/11/12 4:47 p.m. | 4 views

Malicious code in teagood-nalikoli15 (npm)

Source: amazon-inspector (d91a931061fcb62d1fd2d120c43e06ad1091614b1711184b4668ff816615f5a0). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits 0