2773 matches found
CVE-2025-59144 [email protected] contains malware after npm account takeover
debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency...
BIT-KYVERNO-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...
BIT-POWERSHELL-2020-0951 Windows Defender Application Control Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...
USN-7726-4 linux-gke, linux-ibm-5.15, linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - NTFS3 file system; - Network traffic control; CVE-2024-27407, CVE-2024-57996, CVE-2025-37752, CVE-2025-38350...
Important: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-8714 For more details about the security issues,...
ROOT-OS-DEBIAN-12-CVE-2023-46361 CVE-2023-46361 in rootio-jbig2dec - Patched by Root
Root has patched CVE-2023-46361 in the rootio-jbig2dec package for Root:Debian:12. Multiple fixed versions available...
Solaris 10 (i386): 148242-08
SunOS 5.10: SunOS 5.10x86: statd patch. Date this patch was last updated by Sun : Jan/15/24 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255261; scriptversion"1.1";...
screenshot-desktop vulnerable to command Injection via `format` option
Impact This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. An attacker can craft malicious input such as: format: "; echo vulnerable /tmp/hello;" This...
Linux Distros Unpatched Vulnerability : CVE-2016-0503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a...
CVE-2025-54382
Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution RCE vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...
ROOT-OS-ALPINE-319-CVE-2024-24806 CVE-2024-24806 in rootio-libuv - Patched by Root
Root has patched CVE-2024-24806 in the rootio-libuv package for Root:Alpine:3.19. Multiple fixed versions available...
CVE-2025-55150 Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...
BIT-PYTHON-MIN-2025-8194 Tarfile infinite loop during parsing with negative member offset
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
Linux Distros Unpatched Vulnerability : CVE-2025-8176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function gethistogram of the file...
CVE-2025-5455 affecting package qtbase for versions less than 6.6.3-4
CVE-2025-5455 affecting package qtbase for versions less than 6.6.3-4. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2025-38070
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: sma1307: Add NULL check in sma1307settingloaded All varibale allocated by kzalloc and devmkzalloc could be NULL. Multiple pointer checks and their cleanup...
Linux Distros Unpatched Vulnerability : CVE-2025-37748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtkiommudevicegroup Currently, mtkiommu calls...
Linux Distros Unpatched Vulnerability : CVE-2024-49573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXTBUDDY Adam reports that enabling NEXTBUDDY insta triggers a WARN in...
Linux Distros Unpatched Vulnerability : CVE-2022-50192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegraslinkremove After calling spiunregistermaster, the...
Linux Distros Unpatched Vulnerability : CVE-2022-48916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double listadd when enabling VMD in scalable mode When enabling VMD and IOMM...