CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

SHoM: a Mental-Synthesis Trust Management Model for Mitigating Botnet-Driven DDoS Attacks in the Internet of Things

The advantages of IoT in strengthening commercial, industrial, and social ecosystems have led to its widespread expansion. Nevertheless, because endpoint devices have limited computation, storage, and communication capabilities, the IoT infrastructure is vulnerable to several cyber threats. As a...

CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption...

CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption...

CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption...

RLSA-2025:4658 Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service CVE-2017-17095 For more details about the security issues, including the impact, a CVSS...

CVE-2025-44137

MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web...

📄 Malicious Windows Script Host VBScript File

This Metasploit module creates a Windows Script Host WSH VBScript .vbs file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host VBScript .vbs File', 'Description' = %...

Repairing Vulnerabilities without Invisible Hands. a Differentiated Replication Study on LLMs

Background: Automated Vulnerability Repair AVR is a fast-growing branch of program repair. Recent studies show that large language models LLMs outperform traditional techniques, extending their success beyond code generation and fault detection. Hypothesis: These gains may be driven by hidden...

An Open-Source Implementation and Security Analysis of Triad'S TEE Trusted Time Protocol

The logic of many protocols relies on time measurements. However, in Trusted Execution Environments TEEs like Intel SGX, the time source is outside the Trusted Computing Base: a malicious system hosting the TEE can manipulate that TEE's notion of time, e.g., jumping in time or affecting the...

Measuring and Explaining the Effects of Android App Transformations in Online Malware Detection

It is well known that antivirus engines are vulnerable to evasion techniques e.g., obfuscation that transform malware into its variants. However, it cannot be necessarily attributed to the effectiveness of these evasions, and the limits of engines may also make this unsatisfactory result. In this...

LibTIFF 安全漏洞

LibTIFF is a LibTIFF open source library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A security vulnerability exists in LibTIFF version 4.7.0 and earlier, which stems from a buffer overflow in the function...

OESA-2025-1893 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Concurrent Execution using Shar...

OESA-2025-1878 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence,...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17026)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities under Arbitrary Challenge Distributions

A quantum copy-protection scheme Aaronson, CCC 2009 encodes a functionality into a quantum state such that given this state, no efficient adversary can create two possibly entangled quantum states that are both capable of running the functionality. There has been a recent line of works on...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17027)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access bsc1246530 CVE-2025-53019: Fixed format specifiers in a filename template may cause a memory leak bsc1246534 CVE-2025-53101: Fixed input manipulation may lead...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16829)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...