21142 matches found

Tenable Nessus
added 2025/05/17 12:0 a.m. | 5 views

EulerOS Virtualization 2.12.0 : unbound (EulerOS-SA-2025-1575)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that i...

7.5 CVSS | 6.7 AI score | 0.01729 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2025/05/17 12:0 a.m. | 10 views

EulerOS Virtualization 2.12.1 : unbound (EulerOS-SA-2025-1559)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that i...

7.5 CVSS | 6.7 AI score | 0.01729 EPSS
Exploits 0 | References 4

IBM Security Bulletins
added 2025/05/16 7:26 p.m. | 30 views

Security Bulletin: Vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform. Vulnerabilities include an attacker or a remote attacker could use or exploit these vulnerabilities to steal the victim's...

9.8 CVSS | 10 AI score | 0.99019 EPSS
Exploits 16 | Affected Software 1

IBM Security Bulletins
added 2025/05/16 7:25 p.m. | 26 views

Security Bulletin: Vulnerabilities in Beego and golang crypto might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Beego and golang crypto. Vulnerabilities include Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization...

9.8 CVSS | 10 AI score | 0.21573 EPSS
Exploits 5 | Affected Software 1

OSV
added 2025/05/16 1:24 p.m. | 3 views

OESA-2025-1524 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential...

5.3 CVSS | 7 AI score | 0.13969 EPSS
Exploits 0 | References 2

IBM Security Bulletins
added 2025/05/16 8:6 a.m. | 31 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability (CVE-2025-31651) and an Improper Input Validation vulnerability (CVE-2025-31651).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability CVE-2025-31651 and an Improper Input Validation vulnerability CVE-2025-31651. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities...

9.8 CVSS | 7.1 AI score | 0.66933 EPSS
Exploits 6 | Affected Software 1

Packet Storm News
added 2025/05/16 12:0 a.m. | 3 views

Diverging Towards Hallucination: Detection of Failures in Vision-Language Models Via Multi-Token Aggregation

Vision-language models (VLMs) now rival human performance on many multimodal tasks, yet they still hallucinate objects or generate unsafe text. Current hallucination detectors, e.g., single-token linear probing (SLP) and PTrue, typically analyze only the logit of the first generated token or just its...

6.9 AI score
Exploits 0

RedHat Linux
added 2025/05/15 12:34 a.m. | 54 views

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

8.8 CVSS | 7.3 AI score | 0.00494 EPSS
Exploits 1 | References 6

RedHat Linux
added 2025/05/15 12:34 a.m. | 38 views

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

8.8 CVSS | 7.3 AI score | 0.00494 EPSS
Exploits 1 | References 6

Packet Storm News
added 2025/05/15 12:0 a.m. | 7 views

SecReEvalBench: a Multi-Turned Security Resilience Evaluation Benchmark for Large Language Models

The increasing deployment of large language models in security-sensitive domains necessitates rigorous evaluation of their resilience against adversarial prompt-based attacks. While previous benchmarks have focused on security evaluations with limited and predefined attack domains, such as...

7 AI score
Exploits 0

IBM Security Bulletins
added 2025/05/14 7:47 p.m. | 14 views

Security Bulletin: Vulnerability in Jinja affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Jinja has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...

8.8 CVSS | 7.3 AI score | 0.005 EPSS
Exploits 0 | Affected Software 2

The Hacker News
added 2025/05/14 10:54 a.m. | 21 views

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon's recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with...

7.5 AI score
Exploits 0

Veracode
added 2025/05/14 8:40 a.m. | 9 views

Denial Of Service (DoS)

Django is vulnerable to Denial-of-Service (DoS). The vulnerability is due to inefficient HTML parsing due to the striptags function's slow performance when processing large sequences of incomplete HTML tags, which also affects the striptags template filter...

5.3 CVSS | 6.5 AI score | 0.13969 EPSS
Exploits 0 | References 8 | Affected Software 1

CNVD
added 2025/05/14 12:0 a.m. | 1 views

IBM Concert Software Path Traversal Vulnerability

IBM Concert Software is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improperly handling URL requests that contain point sequences, a...

5.3 CVSS | 6.8 AI score | 0.00414 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/05/14 12:0 a.m. | 10 views

Alibaba Cloud Linux 3 : 0003: grub2 (ALINUX3-SA-2023:0003)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0003 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2601: A buffer overflow was found...

8.6 CVSS | 8.1 AI score | 0.00872 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/05/14 12:0 a.m. | 7 views

Alibaba Cloud Linux 3 : 0083: python-cryptography (ALINUX3-SA-2022:0083)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0083 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25659: python-cryptography 3.2 is...

9.1 CVSS | 7.7 AI score | 0.06718 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/05/14 12:0 a.m. | 7 views

Alibaba Cloud Linux 3 : 0088: util-linux (ALINUX3-SA-2024:0088)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0088 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-28085: wall in util-linux through 2.40,...

3.3 CVSS | 6.7 AI score | 0.02242 EPSS
Exploits 3 | References 2

Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

Alibaba Cloud Linux 3 : 0018: subversion:1.10 (ALINUX3-SA-2021:0018)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0018 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-0203: In Apache Subversion versio...

7.5 CVSS | 7.5 AI score | 0.37516 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/05/14 12:0 a.m. | 10 views

Alibaba Cloud Linux 3 : 0116: rust-toolset:rhel8 (ALINUX3-SA-2022:0116)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12083: The Rust Programming...

8.3 CVSS | 7.3 AI score | 0.12205 EPSS
Exploits 5 | References 3

OSV
added 2025/05/13 8:2 p.m. | 6 views

GHSA-FW82-87P8-V6HP Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

TL;DR This vulnerability affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name that depends on request or user data). Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method (i.e. calls with a simple strin...

6.3 CVSS | 6.5 AI score | 0.00577 EPSS
Exploits 1 | References 7