23139 matches found

OSV
added 2025/06/05 6:15 a.m. | 4 views

UBUNTU-CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00203
Exploits: 0 | References: 6
CVE
added 2025/06/05 5:31 a.m. | 113 views

CVE-2025-5683

CVE-2025-5683 : A vulnerability in Qt image loading (qtimageformats) exists when parsing ICNS image files in QImage, leading to a crash. The issue affects Qt 6.3.0–6.5.9, 6.6.0–6.8.4, and 6.9.0. A fixed patch is available in Qt releases 6.5.10, 6.8.5, and 6.9.1. The connected security advisory/ N...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00203
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/06/05 5:31 a.m. | 14 views

CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

CVSS: 5.1 | EPSS: 0.00203
Exploits: 0 | References: 2
GithubExploit
added 2025/06/04 8:52 a.m. | 136 views

Exploit for Prototype Pollution in Naver Billboard.Js

💥 CVE-2025-49223 - Prototype Pollution in Billboard.js bill...

CVSS: 9.8 | AI score: 10 | EPSS: 0.00725
Exploits: 1
Fedora
added 2025/06/04 2:11 a.m. | 12 views

[SECURITY] Fedora 42 Update: libmodsecurity-3.0.14-1.fc42

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity...

CVSS: 7.9 | AI score: 7.5 | EPSS: 0.00443
Exploits: 1
Hacker One
added 2025/06/03 2:51 p.m. | 258 views

Lichess: ImageId Format Injection in Image Upload Endpoint

The image upload endpoint in the Lichess application did not properly validate the 'rel' parameter, allowing an attacker to inject special characters that broke the expected format of the generated ImageId. This could have led to parsing issues in other parts of the application that relied on the...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/06/03 12:0 a.m. | 2 views

Attention Knows Whom to Trust: Attention-Based Trust Management for LLM Multi-Agent Systems

Large Language Model-based Multi-Agent Systems (LLM-MAS) have demonstrated strong capabilities in solving complex tasks but remain vulnerable when agents receive unreliable messages. This vulnerability stems from a fundamental gap: LLM agents treat all incoming messages equally without evaluating...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/06/02 12:0 a.m. | 5 views

Synchronic Web Digital Identity: Speculations on the Art of the Possible

As search, social media, and artificial intelligence continue to reshape collective knowledge, the preservation of trust on the public infosphere has become a defining challenge of our time. Given the breadth and versatility of adversarial threats, the best--and perhaps only--defense is an equall...

AI score: 7.3
Exploits: 0
Amazon
added 2025/06/02 12:0 a.m. | 4 views

Low: ImageMagick

Issue Overview: In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965. Affected Packages: ImageMagick. Issue Correction: Run dnf update ImageMagick --releasever 2023.7.20250527 or dnf update --advisory ALAS2023-2025-972...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00485
Exploits: 0
Amazon
added 2025/06/02 12:0 a.m. | 4 views

Medium: nvidia-fs

Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00263
Exploits: 1
Packet Storm News
added 2025/05/31 12:0 a.m. | 2 views

Blockchain-Enabled Privacy-Preserving Second-Order Federated Edge Learning in Personalized Healthcare

Federated learning (FL) has attracted increasing attention to mitigate security and privacy challenges in traditional cloud-centric machine learning models specifically in healthcare ecosystems. FL methodologies enable the training of global models through localized policies, allowing independent...

AI score: 6.6
Exploits: 0
SUSE Linux
added 2025/05/30 3:33 p.m. | 2 views

Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.9: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931). Changelog: https://www.postgresql.org/docs/release/16.9/ Patch Instructions: To...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00612
Exploits: 0 | References: 4
OSV
added 2025/05/30 1:49 p.m. | 3 views

OESA-2025-1580 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for...

CVSS: 4 | AI score: 7.1 | EPSS: 0.00274
Exploits: 0 | References: 2
OSV
added 2025/05/30 4:15 a.m. | 9 views

AZL-62262 CVE-2025-44905 affecting package hdf5 for versions less than 1.14.6-1

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00387
Exploits: 1 | References: 1
Packet Storm News
added 2025/05/30 12:0 a.m. | 2 views

Roundcube Webmail 1.6.7 Cross Site Scripting

Roundcube Webmail versions 1.6.7 and below email capture listener and cross site scripting proof of concept exploit...

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.82853
Exploits: 6
CNNVD
added 2025/05/30 12:0 a.m. | 4 views

HDF5 Security Vulnerability

HDF5 is an HDF open source library. A security vulnerability exists in HDF5 v1.14.6, which stems from a heap buffer overflow in the H5VM_memcpyvv function that could lead to the execution of arbitrary code...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00377
Exploits: 1 | References: 2
CNNVD
added 2025/05/30 12:0 a.m. | 4 views

HDF5 Security Vulnerability

HDF5 is an HDF open source library. A security vulnerability exists in HDF5 v1.14.6, which stems from a heap buffer overflow in the H5Z__filter_scaleoffset function that could lead to the execution of arbitrary code...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00387
Exploits: 1 | References: 2
RedHat Linux
added 2025/05/29 10:57 p.m. | 4 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.00363
Exploits: 0 | References: 5
Metasploit
added 2025/05/29 6:52 p.m. | 106 views

PHP Exec, PHP Command, Double Reverse TCP Connection (via Perl)

Execute a PHP payload from a command. Creates an interactive shell via perl Module Options msf use payload/cmd/unix/php/reverseperl msf payloadreverseperl show actions ...actions... msf payloadreverseperl set ACTION msf payloadreverseperl show options ...show and set options... msf...

AI score: 5.8
Exploits: 0
Metasploit
added 2025/05/29 6:52 p.m. | 99 views

PHP Exec, PHP Command Shell, Bind TCP (via Perl)

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent Module Options msf use payload/cmd/unix/php/bindperl msf payloadbindperl show actions ...actions... msf payloadbindperl set ACTION msf payloadbindperl show options ...show and set options...

AI score: 5.8
Exploits: 0