CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

ROS-20251124-10

The Kea open source DHCP server vulnerability is related to the use of a pointer offset outside the range. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system...

CVE-2025-59116

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...

BIT-MOODLE-2025-62398 Moodle: possible to bypass mfa

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

CVE-2025-13319

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack...

CVE-2025-20346

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control RBAC. An attacker...

EUVD-2025-124949

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

Malicious Package

Overview aes-core-valid-ipherv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-120000

Malicious code in aes-core-valid-ipherv npm...

MAL-2025-149905 Malicious code in aes-core-valid-ipherv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4b3e5a270d63d751fe142a9d81d59870ee3c9bbe18403a4da5fbff3c5cce2b8 The package aes-core-valid-ipherv was found to contain malicious code. Source: ghsa-malware...

Malicious code in valid-crimson-hippopotamus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43bab958e94e0c20206a07309497c85049427f209cd0030f77275c219a9a6bc0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-117010

Malicious code in valid-crimson-hippopotamus npm...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990875 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check numvalidsets before accessing readerwmsets WHY & HOW numvalidsets needs to...

EUVD-2025-101060

Malicious code in validflamingoz3n npm...

EUVD-2025-88124

Malicious code in validgazellez3n npm...

EUVD-2025-88125

Malicious code in validcanidaez3n npm...

EUVD-2025-75301

Malicious code in validearwig-appteadev npm...

MAL-2025-110319 Malicious code in valid_barnacle_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48d4f6378d1dfa46b140466976c95edf1c3f391d4112d33f765706c337e0cb93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-77997

Malicious code in validbarnaclez3n npm...

EUVD-2025-77996

Malicious code in validcatfishz3n npm...