20988 matches found
Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-873)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-873 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...
Emoji-Based Jailbreaking of Large Language Models
Large Language Models (LLMs) are integral to modern AI applications, but their safety alignment mechanisms can be bypassed through adversarial prompt engineering. This study investigates emoji-based jailbreaking, where emoji sequences are embedded in textual prompts to trigger harmful and unethical...
Directory Traversal
Overview: chainlit is a Build Conversational AI package. Affected versions of this package are vulnerable to Directory Traversal via the updatethreadelement and deletethreadelement handlers in backend/chainlit/server.py. An authenticated attacker can read arbitrary files from the server by sending a craft...
PT-2026-2950
Name of the Vulnerable Software and Affected Versions: Undici versions prior to 7.18.0; Undici versions prior to 6.23.0. Description: Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...
PT-2026-4876
Name of the Vulnerable Software and Affected Versions: libsoup, affected versions not specified. Description: A flaw exists in libsoup, an HTTP client library, related to CRLF (Carriage Return Line Feed) Injection. This issue occurs when an HTTP proxy is configured and the library improperly handles...
PT-2026-22158
Name of the Vulnerable Software and Affected Versions: FTP GVfs backend, affected versions not specified. Description: An input validation issue exists in the FTP GVfs backend. A remote attacker can exploit this by providing specially crafted file paths with carriage return and line feed (CRLF)...
PT-2026-5130
Name of the Vulnerable Software and Affected Versions: libsoup, affected versions not specified. Description: A flaw exists in libsoup where an attacker controlling the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences...
PT-2026-21772
Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 2.11.1. Description: Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences (%xx) it compares against the request's escaped path without lowercasin...
Tracing logging user input may result in poisoning logs with ANSI escape sequences
...
EulerOS Virtualization 2.13.0 : aide (EulerOS-SA-2025-2604)
According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability...
EulerOS Virtualization 2.13.1 : aide (EulerOS-SA-2025-2618)
According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability...
Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2025-2604)
The remote host is missing an update for the Huawei EulerOS. (SPDX-FileCopyrightText: 2025 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only.) Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. ...
Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2025-2618)
The remote host is missing an update for the Huawei EulerOS. (SPDX-FileCopyrightText: 2025 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only.) Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. ...
Zip Slip
Overview: psitransfer is a Simple open source self-hosted file sharing solution. Affected versions of this package are vulnerable to Zip Slip in the archive download functionality in endpoints.js. An attacker can write arbitrary files outside the intended extraction directory by uploading files wi...
GHSA-XPHH-5V4R-R3RX PsiTransfer has Zip Slip Path Traversal via TAR Archive Download
Summary: A Zip Slip vulnerability in PsiTransfer allows an unauthenticated attacker to upload files with path traversal sequences in the filename (e.g. ../../../.ssh/authorized_keys). When a victim downloads the bucket as a .tar.gz archive and extracts it, malicious files are written outside the...
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
This module exploits a memory disclosure vulnerability in MongoDB's zlib decompression handling (CVE-2025-14847). By sending crafted OP_COMPRESSED messages with inflated BSON document lengths, the server reads beyond the decompressed buffer and returns leaked memory contents in error messages. The...
Exploit for CVE-2025-52691
CVE-2025-52691 POC: Proof of Concept exploit for CVE-2025-5269...
How to Integrate AI into Modern SOC Workflows
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams...
Exploit for CVE-2018-8581
CVE-2018-8581 Testing Environment: This directory contains a r...