PT-2025-9062 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.13.0 through 2.1.0. Description: The issue concerns a deserialization of untrusted data, allowing for an arbitrary file read vulnerability. This can be exploited by bypassing security measures through double writing of...
PT-2025-9200 · Ntpd-Rs · Ntpd-Rs
Name of the Vulnerable Software and Affected Versions: ntpd-rs versions prior to 1.5.0. Description: Two denial of service issues were found in the handling of NTS cookies in the client functionality. These issues can cause ntpd-rs to crash when an NTS source is configured and the server sends...
PT-2025-9117 · Unknown · Dario Health
Name of the Vulnerable Software and Affected Versions: Dario Health, affected versions not specified. Description: The issue concerns the exposure of development environment details in the Dario Health Internet-based server infrastructure, potentially leading to unsafe functionality. Recommendation...
CVE-2024-5174
A flaw in Gliffy results in broken authentication through the reset functionality of the application...
CVE-2022-25773
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to...
CVE-2022-25773 Relative Path Traversal in assets file upload
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to...
CVE-2022-25773
CVE-2022-25773 describes a file placement/path traversal vulnerability in Mautic’s asset upload, due to improper pathname restriction that allows uploading assets to directories outside the intended temp dir. Connected sources confirm affected component paths (mautic/core-lib) and versions before...
CVE-2022-49281
CVE-2022-49281 affects Linux kernel CIFS multiuser handling: each user has a separate tcon and handle for a cached directory, but on unmount the kernel must release the pinned dentry for every tcon rather than only the master tcon. If not, unmount can emit warnings of in-use dentries. The issue i...
CVE-2022-49127 ref_tracker: implement use-after-free detection
In the Linux kernel, the following vulnerability has been resolved: ref_tracker: implement use-after-free detection. Whenever ref_tracker_dir_init is called, mark the struct ref_tracker_dir as dead. Test the dead status from ref_tracker_alloc and ref_tracker_free. This should detect buggy dev_put/dev_hold...
CVE-2024-5174 Broken Authentication in Gliffy
A flaw in Gliffy results in broken authentication through the reset functionality of the application...
CVE-2024-5174
CVE-2024-5174 affects Perforce Gliffy and describes a flaw in the reset functionality that results in broken authentication. The available connected data identifies Gliffy as the affected software and the underlying issue as an authentication problem during reset, but does not provide concrete de...
CVE-2025-1616
A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this issue is some unknown functionality of the component Diagnosis. The manipulation of the argument Destination Address leads to os command injection. The attack may be launche...
PT-2025-7712 · Gliffy · Gliffy
Name of the Vulnerable Software and Affected Versions: Gliffy, affected versions not specified. Description: A flaw in the application results in broken authentication through the reset functionality. Recommendations: At the moment, there is no information about a newer version that contains a fix...
CVE-2025-1582
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The...
CVE-2025-1581
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads to sql injection. The attack can be launche...
Implementing Cryptography in AI Systems
Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality e.g., to decrypt an encrypted input, to verify that this input is...
Path Traversal
labelstudiosdk is vulnerable to Path Traversal. The vulnerability is due to improper file path validation in the VOC, COCO, and YOLO export functionalities, where the download function in the label-studio-sdk package fails to properly validate file paths during task exports, allowing attackers to...
Huawei HarmonyOS and EMUI display module memory misreference vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A memory misreference vulnerability exists in Huawei...