Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-7876-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7876-1 advisory. It was discovered that ImageMagick did not properly handle memory when encoding BMP images. An attacke...

JLSEC-2025-203 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows...

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

CVE-2025-25613

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext usi...

USN-7876-1 imagemagick vulnerabilities

It was discovered that ImageMagick did not properly handle memory when encoding BMP images. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue exists due to an incomplete fix for CVE-2025-57803...

DEBIAN-CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

BIT-GITLAB-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

phpPgAdmin 安全漏洞

phpPgAdmin is an open source application of phppgadmin. The premier web-based administration tool for postgresql. A security vulnerability exists in phpPgAdmin 7.13.0 and prior versions, which stems from multiple components that do not properly encode or clean up user input, and could lead to a...

TencentOS Server 3: container-tools:4.0 (TSSA-2024:0104)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0104 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: gdk-pixbuf2 (TSSA-2025:0706)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0706 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: python3.12 (TSSA-2025:0248)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0248 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: libpq (TSSA-2025:0367)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0367 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: postgresql (TSSA-2025:0369)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0369 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Exploit for Deserialization of Untrusted Data in Laravel

CVE-2018-15133-PoC Este script Python implementa un exploit d...

CVE-2025-64765 Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values

Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...

CLSA-2025-1763371545 gdk-pixbuf2: Fix of CVE-2025-7345

CVE-2025-7345: fix heap buffer overflow during base64 encoding in gdkpixbufjpegimageloadincrement...

Interpretable Ransomware Detection Using Hybrid Large Language Models: A Comparative Analysis of BERT, RoBERTa, and DeBERTa through LIME and SHAP

Ransomware continues to evolve in complexity, making early and explainable detection a critical requirement for modern cybersecurity systems. This study presents a comparative analysis of three Transformer-based Large Language Models LLMs BERT, RoBERTa, and DeBERTa for ransomware detection using...

CVE-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

CVE-2025-11990

GitLab CVE-2025-11990 affects GitLab EE with affected versions 18.4 before 18.4.4 and 18.5 before 18.5.2. The issue arises from improper input validation in repository references combined with redirect handling weaknesses, enabling an authenticated user to obtain CSRF tokens. Remediation per conn...

CVE-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. I can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a...