21194 matches found

RedHat Linux
added 2025/05/15 12:34 a.m., 38 views

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00494
Exploits: 1, References: 6

Packet Storm News
added 2025/05/15 12:0 a.m., 7 views

SecReEvalBench: a Multi-Turned Security Resilience Evaluation Benchmark for Large Language Models

The increasing deployment of large language models in security-sensitive domains necessitates rigorous evaluation of their resilience against adversarial prompt-based attacks. While previous benchmarks have focused on security evaluations with limited and predefined attack domains, such as...

AI score: 7
Exploits: 0

IBM Security Bulletins
added 2025/05/14 7:47 p.m., 14 views

Security Bulletin: Vulnerability in Jinja affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Jinja has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...

CVSS: 8.8, AI score: 7.3, EPSS: 0.005
Exploits: 0, Affected Software: 2

The Hacker News
added 2025/05/14 10:54 a.m., 21 views

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon's recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with...

AI score: 7.5
Exploits: 0

Veracode
added 2025/05/14 8:40 a.m., 9 views

Denial Of Service (DoS)

Django is vulnerable to Denial of Service (DoS). The vulnerability is caused by inefficient HTML parsing: the striptags function is slow when processing large sequences of incomplete HTML tags, which also affects the striptags template filter...

CVSS: 5.3, AI score: 6.5, EPSS: 0.13969
Exploits: 0, References: 8, Affected Software: 1

CNVD
added 2025/05/14 12:0 a.m., 1 views

IBM Concert Software Path Traversal Vulnerability

IBM Concert Software is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improperly handling URL requests that contain dot sequences, a...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00414
Exploits: 0, References: 1

Tenable Nessus
added 2025/05/14 12:0 a.m., 7 views

Alibaba Cloud Linux 3 : 0083: python-cryptography (ALINUX3-SA-2022:0083)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0083 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25659: python-cryptography 3.2 is...

CVSS: 9.1, AI score: 7.7, EPSS: 0.06718
Exploits: 1, References: 3

Tenable Nessus
added 2025/05/14 12:0 a.m., 5 views

Alibaba Cloud Linux 3 : 0018: subversion:1.10 (ALINUX3-SA-2021:0018)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0018 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-0203: In Apache Subversion versio...

CVSS: 7.5, AI score: 7.5, EPSS: 0.37516
Exploits: 1, References: 3

Tenable Nessus
added 2025/05/14 12:0 a.m., 10 views

Alibaba Cloud Linux 3 : 0116: rust-toolset:rhel8 (ALINUX3-SA-2022:0116)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12083: The Rust Programming...

CVSS: 8.3, AI score: 7.3, EPSS: 0.12205
Exploits: 5, References: 3

Tenable Nessus
added 2025/05/14 12:0 a.m., 7 views

Alibaba Cloud Linux 3 : 0088: util-linux (ALINUX3-SA-2024:0088)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0088 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-28085: wall in util-linux through 2.40,...

CVSS: 3.3, AI score: 6.7, EPSS: 0.02242
Exploits: 3, References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m., 10 views

Alibaba Cloud Linux 3 : 0003: grub2 (ALINUX3-SA-2023:0003)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0003 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2601: A buffer overflow was found...

CVSS: 8.6, AI score: 8.1, EPSS: 0.00872
Exploits: 0, References: 3

Github Security Blog
added 2025/05/13 8:2 p.m., 15 views

Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

TL;DR This vulnerability affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name such as a snippet name that depends on request or user data. Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method i.e. calls with a simple strin...

CVSS: 9.1, AI score: 6.6, EPSS: 0.00577
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2025/05/13 8:2 p.m., 6 views

GHSA-FW82-87P8-V6HP Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

TL;DR This vulnerability affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name such as a snippet name that depends on request or user data. Sites that only use fixed calls to the `snippet()` helper/`$kirby->snippet()` method i.e. calls with a simple strin...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00577
Exploits: 1, References: 7

Github Security Blog
added 2025/05/13 8:2 p.m., 21 views

Kirby vulnerable to path traversal of collection names during file system lookup

TL;DR This vulnerability affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name such as a collection name that depends on request or user data. Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method i.e. calls...

CVSS: 9.1, AI score: 6.6, EPSS: 0.00477
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2025/05/13 8:2 p.m., 7 views

GHSA-X275-H9J4-7P4H Kirby vulnerable to path traversal of collection names during file system lookup

TL;DR This vulnerability affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name such as a collection name that depends on request or user data. Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method i.e. calls...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00477
Exploits: 0, References: 7

RedHat Linux
added 2025/05/13 4:5 p.m., 13 views

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00494
Exploits: 1, References: 6

Snyk
added 2025/05/13 3:44 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of dynamic collection names in the `collection()` helper or `$kirby->collection()` method. An attacker can execute arbitrary PHP code and access sensitive files on the server by manipulating the...

CVSS: 9.1, AI score: 8, EPSS: 0.00477
Exploits: 0, References: 2

Snyk
added 2025/05/13 3:42 p.m., 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name. An attacker can access arbitrary files by manipulating the snippet path to traverse to directories outside of the intended snippet's root...

CVSS: 9.1, AI score: 7.7, EPSS: 0.00577
Exploits: 1, References: 2

Snyk
added 2025/05/13 3:42 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via a missing check in the router implementation. An attacker can navigate and determine the existence of files on the server using special elements such as .. and / separators. Details A Directory Traversal attack...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00475
Exploits: 0, References: 2

RedHat Linux
added 2025/05/13 2:0 p.m., 49 views

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

CVSS: 8.2, AI score: 5.8, EPSS: 0.01618
Exploits: 1, References: 5