21254 matches found
Measuring Computational Universality of Fully Homomorphic Encryption
Many real-world applications, such as machine learning and graph analytics, involve combinations of linear and non-linear operations. As these applications increasingly handle sensitive data, there is a significant demand for privacy-preserving computation techniques capable of efficiently...
Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms' "Typo" Correction
The large integration of microphones into devices increases the opportunities for Acoustic Side-Channel Attacks ASCAs, as these can be used to capture keystrokes' audio signals that might reveal sensitive information. However, the current State-Of-The-Art SOTA models for ASCAs, including...
The Obvious Invisible Threat: LLM-Powered GUI Agents' Vulnerability to Fine-Print Injections
A Large Language Model LLM powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces GUIs of relevant apps, often visually, inferring necessary sequenc...
BIT-GIT-2024-52005 The sideband payload is passed unfiltered to the terminal in git
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
BIT-GIT-2024-50349 Git does not sanitize URLs when asking for credentials interactively
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...
The vulnerabilities of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE allow attackers to execute arbitrary code.
The vulnerability of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE are related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote...
Advisory ROSA-SA-2025-2804
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...
SUSE CVE-2012-0419
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request...
EulerOS 2.0 SP11 : git (EulerOS-SA-2025-1356)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...
EulerOS 2.0 SP11 : git (EulerOS-SA-2025-1355)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1355)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1356)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite - IoT uses pip-9.0.3.dist-info, urllib3-1.24.2-py3.6.egg-info, setuptools-39.2.0.dist-info which is vulnerable to CVE-2019-20916, CVE-2023-43804, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...
Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB, Python, Samba, OpenSSL and cURL libcurl affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in libcurl, MongoDB, Python, Samba, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing...
Brave Software: Prompt Injection via GitHub Patch in Brave AI Chat (Leo)
Component: Brave AI Chat brave-core/components/aichat/ Severity: High Confirmed ability to override AI instructions and persona via fetched content Vulnerability Summary The Brave AI Chat feature allows fetching .patch files from GitHub pull request pages to use as context. A combination of...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 292 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Path Traversal
go.rgst.io/stencil/v2 is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths during archive extraction, which allows directory traversal sequences like ../ to write files outside the intended extraction directory...
📄 MaxTime Database Editor 1.9 Authentication Bypass
MaxTime Database Editor version 1.9 suffers from an authentication bypass vulnerability. This CVE also notes the same flow can be used to execute arbitrary code. Exploit Title: MaxTime Database Editor 1.9 Authentication Bypass Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red...
Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)
Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution RCE Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com Vendor Homepage: https://www.q-free.com Software Link: N/A Version: 1.9 Tested on: Intelight x-1 Linux...
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create...