Kapitano, a fast-rising Linux antivirus tool has been discontinued after its creator shut it down, citing “harsh words” from a user.
Kapitano, a fast-rising Linux antivirus tool has been discontinued after its creator shut it down, citing “harsh words” from a user.
This is such a excellent unexpected original comeback, I will give you a chance to do another one.
How to extract the content of a flatpak
Which is something you presumably want to do because you don’t want to use
flatpak/ostree.The first step of course, is to install
ostree. 🤨Then, via this very official method:
ostree init --repo=repo --mode=bare-user ostree static-delta apply-offline --repo=repo some.flatpak ostree checkout --repo=repo -U $(basename $(echo repo/objects/*/*.commit | cut -d/ -f3- --output-delimiter= ) .commit) outdirThis official solution looks very reliable.
The impenetrable building blocks
Searching vulnerability databases will obviously prove futile. Like the below sample entries (search limited to CVSS>=9.0 and Age<90d)
[CVE-2025-7458] Critical - SQLite - Integer Overflow ↳ Priority: MEDIUM | No exploits | Vuln Age: 15d (RECENT) ↳ CVSS: 9.1 | EPSS: 0.0003 | KEV: ✘ ↳ Exposure: 12 | Vendors: sqlite | Products: sqlite ↳ Patch: ✔ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘ ───────────────────────────────────────────────────────────────────────── [CVE-2025-6965] Critical - SQLite - Buffer Overflow ↳ Priority: HIGH | EXPLOITS AVAILABLE | Vuln Age: 29d (RECENT) ↳ CVSS: 9.8 | EPSS: 0.0005 | KEV: ✘ ↳ Exposure: 13 | Vendors: sqlite | Products: sqlite ↳ Patch: ✔ | POCs: 1 | Nuclei Template: ✘ | HackerOne: ✘ ───────────────────────────────────────────────────────────────────────── [CVE-2025-49796] Critical - libxml2 - Denial of Service ↳ Priority: MEDIUM | No exploits | Vuln Age: 57d ↳ CVSS: 9.1 | EPSS: 0.0013 | KEV: ✘ ↳ Patch: ✘ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘ ───────────────────────────────────────────────────────────────────────── [CVE-2025-49794] Critical - libxml2 - Use After Free ↳ Priority: MEDIUM | No exploits | Vuln Age: 57d ↳ CVSS: 9.1 | EPSS: 0.0013 | KEV: ✘ ↳ Patch: ✘ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘ ───────────────────────────────────────────────────────────────────────── [CVE-2025-4517] Critical - Python tarfile - Path Traversal ↳ Priority: MEDIUM | No exploits | Vuln Age: 71d ↳ CVSS: 9.4 | EPSS: 0.0015 | KEV: ✘ ↳ Patch: ✘ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘ ─────────────────────────────────────────────────────────────────────────libxml2andsqliteare in the dependency tree ofostreeitself of course. But really, nothing to see here.