23097 matches found

SUSE Linux
added 2025/08/06 1:55 p.m. | 4 views

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272); CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273); CVE-2025-5916:...

4.6 CVSS | 7.1 AI score | 0.00333 EPSS
Exploits 2 | References 20

Microsoft CVE
added 2025/08/06 7:0 a.m. | 3 views

GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write

...

7.8 CVSS | 7 AI score | 0.00172 EPSS
Exploits 0

Packet Storm News
added 2025/08/06 12:0 a.m. | 2 views

Multi-Stage Knowledge-Distilled VGAE and GAT for Robust Controller-Area-Network Intrusion Detection

The Controller Area Network CAN protocol is a standard for in-vehicle communication but remains susceptible to cyber-attacks due to its lack of built-in security. This paper presents a multi-stage intrusion detection framework leveraging unsupervised anomaly detection and supervised graph learnin...

6.9 AI score
Exploits 0

OpenVAS
added 2025/08/06 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1881)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

6.3 CVSS | 7 AI score | 0.01437 EPSS
Exploits 0 | References 2

OpenVAS
added 2025/08/06 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2025-1731)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 6.7 AI score | 0.01536 EPSS
Exploits 1 | References 2

OSV
added 2025/08/05 4:51 p.m. | 6 views

CLSA-2025-1754412669 gstreamer1-plugins-bad-free: Fix of CVE-2023-44446

CVE-2023-44446: fix use-after-free in MXF demuxer by storing essence tracks in fixed allocations...

8.8 CVSS | 7.3 AI score | 0.01744 EPSS
Exploits 0 | References 1

GithubExploit
added 2025/08/05 4:22 p.m. | 117 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

🚨 PoC: CVE-2025-32463 – Sudo chroot Escape Vulnerability A...

9.3 CVSS | 7.7 AI score | 0.47467 EPSS
Exploits 70

GithubExploit
added 2025/08/05 3:37 p.m. | 178 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

PoC exploit for CVE-2025-32463, a privilege escalation vulnerabi...

9.3 CVSS | 7.5 AI score | 0.47467 EPSS
Exploits 70

GithubExploit
added 2025/08/05 7:15 a.m. | 99 views

Exploit for Code Injection in Xwiki

CVE-2025-24893 PoC | XWiki Platform 15.10.10 - Remote Code...

9.8 CVSS | 8 AI score | 0.99898 EPSS
Exploits 50

Positive Technologies
added 2025/08/05 12:0 a.m. | 5 views

PT-2025-40878

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 8.0. Description: An issue exists in decoding OpenEXR files that utilize DWAA or DWAB compression. The software implicitly assumes image height and width are divisible by 8. When this condition is not met, copy loops ca...

9.8 CVSS | 7 AI score | 0.01545 EPSS
Exploits 7 | References 60

Packet Storm News
added 2025/08/05 12:0 a.m. | 4 views

From Legacy to Standard: LLM-Assisted Transformation of Cybersecurity Playbooks into CACAO Format

Existing cybersecurity playbooks are often written in heterogeneous, non-machine-readable formats, which limits their automation and interoperability across Security Orchestration, Automation, and Response platforms. This paper explores the suitability of Large Language Models, combined with Prom...

6.9 AI score
Exploits 0

Packet Storm News
added 2025/08/05 12:0 a.m. | 1 views

ASTRA: Autonomous Spatial-Temporal Red-Teaming for AI Software Assistants

AI coding assistants like GitHub Copilot are rapidly transforming software development, but their safety remains deeply uncertain, especially in high-stakes domains like cybersecurity. Current red-teaming tools often rely on fixed benchmarks or unrealistic prompts, missing many real-world...

7.7 AI score
Exploits 0

OpenVAS
added 2025/08/05 12:0 a.m. | 6 views

Git Multiple Vulnerabilities (Aug 2025) - Windows

Git is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:git:git"; if(description)...

9 CVSS | 7 AI score | 0.25334 EPSS
Exploits 34 | References 5

OSV
added 2025/08/04 5:15 p.m. | 8 views

CVE-2025-44958

RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format...

7.5 CVSS | 5.8 AI score | 0.00331 EPSS
Exploits 0 | References 4

GithubExploit
added 2025/08/04 1:24 p.m. | 192 views

Exploit for Command Injection in Fit2Cloud 1Panel

CVE-2025-54424 CVE-2025-54424: 1Panel client vulnerability in...

9.8 CVSS | 6 AI score | 0.00864 EPSS
Exploits 5

CNNVD
added 2025/08/04 12:0 a.m. | 5 views

SAMSUNG Exynos Security Vulnerability

SAMSUNG Exynos is a family of processors from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Exynos that stems from a lack of JPEG length checking, which could lead to out-of-bounds writes...

6.5 CVSS | 6.6 AI score | 0.00204 EPSS
Exploits 0 | References 2

Amazon
added 2025/08/04 12:0 a.m. | 4 views

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory acce...

9.8 CVSS | 7.4 AI score | 0.00792 EPSS
Exploits 2

Packet Storm News
added 2025/08/03 12:0 a.m. | 3 views

Complete Evasion, Zero Modification: PDF Attacks on AI Text Detection

AI-generated text detectors have become essential tools for maintaining content authenticity, yet their robustness against evasion attacks remains questionable. We present PDFuzz, a novel attack that exploits the discrepancy between visual text layout and extraction order in PDF documents. Our...

7.1 AI score
Exploits 0

RedhatCVE
added 2025/08/02 8:23 p.m. | 5 views

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

6.9 CVSS | 6 AI score | 0.00358 EPSS
Exploits 0 | References 1

GithubExploit
added 2025/08/02 10:41 a.m. | 128 views

Exploit for Relative Path Traversal in Articatech Artica_Proxy

LFI to RCE Exploit via Log Poisoning Python3 exploit for CVE...

7.5 CVSS | 8.6 AI score | 0.44579 EPSS
Exploits 4