23130 matches found

ATTACKERKB
added 2025/05/27 9:15 p.m. (2 views)

CVE-2025-5278

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

CVSS 4.4, AI score 6, EPSS 0.00215
Exploits: 0, References: 8, Affected Software: 7

OSV
added 2025/05/27 9:15 p.m. (4 views)

UBUNTU-CVE-2025-5278

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

CVSS 4.4, AI score 5.9, EPSS 0.00215
Exploits: 0, References: 6

ATTACKERKB
added 2025/05/27 2:15 p.m. (4 views)

CVE-2025-48798

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

CVSS 7.3, AI score 6.9, EPSS 0.0017
Exploits: 0, References: 14

OSV
added 2025/05/27 2:15 p.m. (1 view)

DEBIAN-CVE-2025-48797

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

CVSS 7.3, AI score 7.5, EPSS 0.00193
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/05/27 5:22 a.m. (4 views)

Malicious code in react_code_format (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 361ad03064f5e32012ed273f2a774a1528ef81284235b9757bb2947671dff09b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 3

OSSF Malicious Packages
added 2025/05/27 5:22 a.m. (3 views)

Malicious code in eslint-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 990c333445462efa33b1726d3ff2b0b14a86a3c474eb5f2564f583456e64cb0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 3

OSV
added 2025/05/27 5:22 a.m. (2 views)

MAL-2025-4476 Malicious code in eslint-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 990c333445462efa33b1726d3ff2b0b14a86a3c474eb5f2564f583456e64cb0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 3

Packet Storm News
added 2025/05/27 12:0 a.m. (2 views)

IRCopilot: Automated Incident Response with Large Language Models

Incident response plays a pivotal role in mitigating the impact of cyber attacks. In recent years, the intensity and complexity of global cyber threats have grown significantly, making it increasingly challenging for traditional threat detection and incident response methods to operate effectivel...

AI score 6.8
Exploits: 0

Packet Storm News
added 2025/05/27 12:0 a.m. (2 views)

Scrapers Selectively Respect Robots.Txt Directives: Evidence from a Large-Scale Empirical Study

Online data scraping has taken on new dimensions in recent years, as traditional scrapers have been joined by new AI-specific bots. To counteract unwanted scraping, many sites use tools like the Robots Exclusion Protocol (REP), which places a robots.txt file at the site root to dictate scraper...

AI score 6.9
Exploits: 0

CNNVD
added 2025/05/26 12:0 a.m. (2 views)

pypickle security vulnerability

pypickle is a tool by Erdogan Personal Developers for saving and loading files in pickle format. A security vulnerability exists in pypickle version 1.1.5 and earlier, which stems from improper authorization...

CVSS 5.5, AI score 5.3, EPSS 0.00197
Exploits: 1, References: 8

Packet Storm News
added 2025/05/26 12:0 a.m. (3 views)

Exposing Go's Hidden Bugs: a Novel Concolic Framework

The widespread adoption of the Go programming language in infrastructure backends and blockchain projects has heightened the need for improved security measures. Established techniques such as unit testing, static analysis, and program fuzzing provide foundational protection mechanisms. Although...

AI score 7.1
Exploits: 0

Fedora
added 2025/05/24 1:47 a.m. (7 views)

[SECURITY] Fedora 41 Update: ghostscript-10.03.1-6.fc41

This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...

CVSS 4.5, AI score 7, EPSS 0.00155
Exploits: 0

RedhatCVE
added 2025/05/23 10:42 a.m. (17 views)

CVE-2024-50050

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...

CVSS 6.3, AI score 7.8, EPSS 0.00886
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 10:41 a.m. (4 views)

CVE-2024-9129

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino...

CVSS 9.3, AI score 7.3, EPSS 0.00408
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 10:40 a.m. (8 views)

CVE-2024-45330

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests...

CVSS 7.2, AI score 7.1, EPSS 0.00616
Exploits: 0

Github Security Blog
added 2025/05/23 10:0 a.m. (23 views)

Bypassing MTE with CVE-2025-0072

Memory Tagging Extension (MTE) is an advanced memory safety feature that is intended to make memory corruption vulnerabilities almost impossible to exploit. But no mitigation is ever completely airtight--especially in kernel code that manipulates memory at a low level. Last year, I wrote about...

CVSS 7.8, AI score 9, EPSS 0.00715
Exploits: 2

RedhatCVE
added 2025/05/23 9:46 a.m. (7 views)

CVE-2024-25091

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using 'VirusChecker' or 'ThreatChecker' feature and RevoWorks Browser prior to 2.2.95 when using 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...

CVSS 9.1, AI score 6.8, EPSS 0.00485
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:44 a.m. (7 views)

CVE-2024-21640

Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications. CefVideoConsumerOSR::OnFrameCaptured does not check pixelformat properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e...

CVSS 9.6, AI score 6.8, EPSS 0.00551
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 9:8 a.m. (4 views)

CVE-2024-36581

A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm...

CVSS 7.6, AI score 7.4, EPSS 0.00518
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 8:32 a.m. (9 views)

CVE-2024-50399

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

CVSS 2.1, AI score 6.9, EPSS 0.00574
Exploits: 0, References: 1