Lucene search
K

2489 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18313

Malicious code in bioql PyPI...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-16049

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00242EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.4 views

Rancher 安全漏洞

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. A security vulnerability exists in Rancher that stems from a lack of server-side authentication, which could lead to...

7.6CVSS9AI score0.00453EPSS
Exploits0References2
CVE
CVE
added 2025/10/02 12:0 a.m.13 views

CVE-2025-57443

FrostWire 6.14.0-build-326 on macOS is affected by a local privilege escalation arising from permissive entitlements (allow-dyld-environment-variables, disable-library-validation). The issue enables unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARI...

5.1CVSS6.5AI score0.00126EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.3 views

Mapping Quantum Threats: An Engineering Inventory of Cryptographic Dependencies

The emergence of large-scale quantum computers, powered by algorithms like Shor's and Grover's, poses an existential threat to modern public-key cryptography. This vulnerability stems from the ability of these machines to efficiently solve the hard mathematical problems - such as integer...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.6 views

Automated Vulnerability Validation and Verification: A Large Language Model Approach

Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior limits effective vulnerability assessment and mitigation. This...

7.6AI score
Exploits0
GithubExploit
GithubExploit
added 2025/09/26 4:41 a.m.200 views

XSS-CTFs

XSS-CTFs Contains hands-on XSS test cases from beginner...

6.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.3 views

PT-2025-39337

Name of the Vulnerable Software and Affected Versions Omni versions prior to 0.48.0 Description Omni, a Kubernetes management platform, has a potential issue where the Wireguard SideroLink component could be exploited to allow unauthorized packet transmission. The system establishes a peer-to-pee...

9.9CVSS9.4AI score0.02829EPSS
Exploits11References48
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 4:37 p.m.6 views

Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Java Runtime Environments and IBM Semeru Runtimes are used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been updated in order to address the multip...

8.1CVSS6.4AI score0.01058EPSS
Exploits1Affected Software2
Packet Storm News
Packet Storm News
added 2025/09/23 12:0 a.m.3 views

Obelix: Mitigating Side-Channels through Dynamic Obfuscation

Trusted execution environments TEEs offer hardware-assisted means to protect code and data. However, as shown in numerous results over the years, attackers can use side-channels to leak data access patterns and even single-step the code. While the vendors are slowly introducing hardware-based...

7.2AI score
Exploits0
Fedora
Fedora
added 2025/09/22 12:17 a.m.5 views

[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.18.1-1.fc43

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

5.3CVSS7AI score0.00385EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/21 12:11 a.m.31 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

5.4CVSS6.7AI score0.00361EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/09/19 6:31 a.m.8 views

@digitalocean/do-markdownit has Type Confusion vulnerability

Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...

9.8CVSS6.7AI score0.00361EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2025/09/19 6:31 a.m.4 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview @digitalocean/do-markdownit is a Markdown-It plugin for the DigitalOcean Community. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the callout and fenceenvironment plugins when allowedClasses or allowedEnvironments is...

9.8CVSS6.6AI score0.00361EPSS
Exploits1References2
OSV
OSV
added 2025/09/19 6:31 a.m.4 views

GHSA-2H8J-8R9P-849F @digitalocean/do-markdownit has Type Confusion vulnerability

Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...

5.4CVSS6.7AI score0.00361EPSS
Exploits1References4
NVD
NVD
added 2025/09/19 4:16 a.m.4 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

9.8CVSS0.00361EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/09/19 12:0 a.m.6 views

Automated Cyber Defense with Generalizable Graph-Based Reinforcement Learning Agents

Deep reinforcement learning RL is emerging as a viable strategy for automated cyber defense ACD. The traditional RL approach represents networks as a list of computers in various states of safety or threat. Unfortunately, these models are forced to overfit to specific network topologies, renderin...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2025/09/19 12:0 a.m.9 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

5.4CVSS0.00361EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2025/09/19 12:0 a.m.3 views

Wazuh 4.13.0

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

7.1AI score
Exploits0
OSV
OSV
added 2025/09/19 12:0 a.m.4 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

5.4CVSS6.8AI score0.00361EPSS
Exploits1References5
Rows per page
Query Builder