
20993 matches found

IBM Security Bulletins
added 2025/12/04 2:8 p.m., 8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6051.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6051. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6051 DESCRIPTION: A Regular Expression Denial of Service...

CVSS 5.3, AI score 6.7, EPSS 0.00352
Exploits: 1, Affected Software: 1
Hacker One
added 2025/12/04 9:55 a.m., 16 views

curl: SMTP Protocol Injection via CRLF in CURLOPT_MAIL_FROM leading to Email Spoofing

Here is the complete, finalized report. I have integrated the specific curl version you provided and added a detailed "Vulnerable Code Analysis" section with the code excerpts explained, as requested. I removed the Impact section per your instructions. Summary: A critic...

AI score 8.2
Exploits: 0
Fedora
added 2025/12/04 12:53 a.m., 6 views

[SECURITY] Fedora 43 Update: kf6-kcoreaddons-6.20.0-2.fc43

KCoreAddons provides classes built on top of QtCore to perform various tasks such as manipulating mime types, autosaving files, creating backup files, generating random sequences, performing text manipulations such as macro replacement, accessing user information and many more...

AI score 6.8
Exploits: 0
Packet Storm
added 2025/12/04 12:0 a.m., 191 views

📄 Discord Language Sloth Bot Directory Traversal Scanner / Payload Generator

The Language Sloth Discord bot contains a critical directory traversal vulnerability allowing attackers to read arbitrary files on the server hosting the bot through improperly sanitized user input in file path operations. This is an automated scanner with payload generation...

CVSS 7.5, AI score 6.7, EPSS 0.01453
Exploits: 4
Packet Storm News
added 2025/12/04 12:0 a.m., 3 views

Beyond Detection: A Comprehensive Benchmark and Study on Representation Learning for Fine-Grained Webshell Family Classification

Malicious WebShells pose a significant and evolving threat by compromising critical digital infrastructures and endangering public services in sectors such as healthcare and finance. While the research community has made significant progress in WebShell detection, i.e., distinguishing malicious...

AI score 6.9
Exploits: 0
Tenable Nessus
added 2025/12/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-65082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration...

CVSS 6.5, AI score 6.9, EPSS 0.00758
Exploits: 0, References: 3
OpenVAS
added 2025/12/04 12:0 a.m., 1 views

Apache HTTP Server 2.4.x < 2.4.66 Improper Neutralization Vulnerability - Linux

Apache HTTP Server is prone to an improper neutralization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5, AI score 6.8, EPSS 0.00758
Exploits: 0, References: 2
OpenVAS
added 2025/12/04 12:0 a.m., 1 views

Apache HTTP Server 2.4.x < 2.4.66 Improper Neutralization Vulnerability - Windows

Apache HTTP Server is prone to an improper neutralization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5, AI score 6.8, EPSS 0.00758
Exploits: 0, References: 2
GithubExploit
added 2025/12/03 9:16 p.m., 404 views

Exploit for CVE-2025-55182

CVE-2025-55182 - React Server Components RCE NOTE: Written b...

CVSS 10, AI score 7.5, EPSS 0.99562
Exploits: 384
Snyk
added 2025/12/03 8:43 p.m., 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper path validation during an archive creation. An authenticated attacker can read files and directories outside the intended directory scope by supplying crafted paths during the archiving operation. Detail...

CVSS 7.1, AI score 7.3, EPSS 0.00508
Exploits: 1, References: 2
IBM Security Bulletins
added 2025/12/03 11:8 a.m., 6 views

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

CVSS 8.8, AI score 9.2, EPSS 0.08665
Exploits: 2, Affected Software: 1
Imperva Blog
added 2025/12/03 9:40 a.m., 5 views

’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season

The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover (ATO) attacks spike sharply in November and December,...

AI score 7.1
Exploits: 0
OSV
added 2025/12/02 11:7 p.m., 5 views

CLSA-2025-1764716872 tomcat: Fix of CVE-2025-31651

CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences...

CVSS 9.8, AI score 7.2, EPSS 0.0418
Exploits: 1, References: 1
RedhatCVE
added 2025/12/02 9:26 p.m., 9 views

CVE-2025-66295

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with the user-creation privilege creates a new user through the Admin UI and supplies a username containing path traversal sequences (for example ..\Nijat or ../Nijat), Grav writes the account YAML file to an unintended path...

CVSS 8.8, AI score 6.8, EPSS 0.00464
Exploits: 0, References: 1
Snyk
added 2025/12/02 6:50 a.m., 6 views

Directory Traversal

Overview unstructured is a library that prepares raw documents for downstream ML tasks. Affected versions of this package are vulnerable to Directory Traversal via the partitionmsg function’s handling of attachment filenames in email MSG files. An attacker can exploit this vulnerability by...

CVSS 9.8, AI score 7.5, EPSS 0.00616
Exploits: 0, References: 3
Snyk
added 2025/12/02 6:45 a.m., 19 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to...

CVSS 8.7, AI score 7.5, EPSS 0.0321
Exploits: 0, References: 4
Snyk
added 2025/12/02 6:44 a.m., 1 views

Directory Traversal

Overview rxiv-maker is a Write scientific preprints in Markdown. Generate publication-ready PDFs efficiently. Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of GitHub name input. The GitHub name validation logic fails to strip path...

CVSS 8.7, AI score 7.5
Exploits: 0, References: 3
Snyk
added 2025/12/02 6:35 a.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to missing canonicalization of destination file paths during model downloads. The createNewFile function in pkg/agent/storage/https.go previously used the fileFullName argument directly without cleaning, allowing...

CVSS 6.9, AI score 7.5
Exploits: 0, References: 3
Snyk
added 2025/12/02 6:32 a.m., 1 views

Directory Traversal

Overview gapless-crypto-clickhouse is a ClickHouse-based cryptocurrency data collection with zero-gap guarantee. 22x faster via Binance public repository with persistent database storage, USDT-margined futures support, and production-ready ReplacingMergeTree schema. Affected versions of this...

CVSS 8.7, AI score 7.3
Exploits: 0, References: 3
Snyk
added 2025/12/02 6:32 a.m., 2 views

Directory Traversal

Overview gapless-crypto-data is a Cryptocurrency OHLCV data collection with gap-free guarantee. Retrieves microstructure-enriched kline data from Binance Public Data Repository with automatic gap detection and filling. Affected versions of this package are vulnerable to Directory Traversal due to...

CVSS 8.7, AI score 7.5
Exploits: 0, References: 3