2489 matches found
EUVD-2025-18313
Malicious code in bioql PyPI...
EUVD-2025-16049
Malicious code in bioql PyPI...
Rancher 安全漏洞
Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. A security vulnerability exists in Rancher that stems from a lack of server-side authentication, which could lead to...
CVE-2025-57443
FrostWire 6.14.0-build-326 on macOS is affected by a local privilege escalation arising from permissive entitlements (allow-dyld-environment-variables, disable-library-validation). The issue enables unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARI...
Mapping Quantum Threats: An Engineering Inventory of Cryptographic Dependencies
The emergence of large-scale quantum computers, powered by algorithms like Shor's and Grover's, poses an existential threat to modern public-key cryptography. This vulnerability stems from the ability of these machines to efficiently solve the hard mathematical problems - such as integer...
Automated Vulnerability Validation and Verification: A Large Language Model Approach
Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior limits effective vulnerability assessment and mitigation. This...
XSS-CTFs
XSS-CTFs Contains hands-on XSS test cases from beginner...
PT-2025-39337
Name of the Vulnerable Software and Affected Versions Omni versions prior to 0.48.0 Description Omni, a Kubernetes management platform, has a potential issue where the Wireguard SideroLink component could be exploited to allow unauthorized packet transmission. The system establishes a peer-to-pee...
Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
Summary Java Runtime Environments and IBM Semeru Runtimes are used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been updated in order to address the multip...
Obelix: Mitigating Side-Channels through Dynamic Obfuscation
Trusted execution environments TEEs offer hardware-assisted means to protect code and data. However, as shown in numerous results over the years, attackers can use side-channels to leak data access patterns and even single-step the code. While the vendors are slowly introducing hardware-based...
[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.18.1-1.fc43
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
@digitalocean/do-markdownit has Type Confusion vulnerability
Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview @digitalocean/do-markdownit is a Markdown-It plugin for the DigitalOcean Community. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the callout and fenceenvironment plugins when allowedClasses or allowedEnvironments is...
GHSA-2H8J-8R9P-849F @digitalocean/do-markdownit has Type Confusion vulnerability
Overview A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fenceenvironment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
Automated Cyber Defense with Generalizable Graph-Based Reinforcement Learning Agents
Deep reinforcement learning RL is emerging as a viable strategy for automated cyber defense ACD. The traditional RL approach represents networks as a list of computers in various states of safety or threat. Unfortunately, these models are forced to overfit to specific network topologies, renderin...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
Wazuh 4.13.0
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...