2348 matches found

Packet Storm News
added 2026/01/13 12:0 a.m. | 6 views

Deep Learning-Based Binary Analysis for Vulnerability Detection in X86-64 Machine Code

While much of the current research in deep learning-based vulnerability detection relies on disassembled binaries, this paper explores the feasibility of extracting features directly from raw x86-64 machine code. Although assembly language is more interpretable for humans, it requires more comple...

AI score: 6.9
Exploits: 0
Tenable Nessus
added 2026/01/12 12:0 a.m. | 6 views

FreeBSD : Gitlab -- vulnerabilities (c9b610e9-eebc-11f0-b051-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c9b610e9-eebc-11f0-b051-2cf05da270f3 advisory. Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.00574
Exploits: 0 | References: 9
Veracode
added 2026/01/09 3:50 p.m. | 6 views

Server-Side Request Forgery (SSRF)

Craft CMS is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of the file.url parameter in the GraphQL save Asset mutation, which allows an attacker with asset management permissions to force the server to fetch internal or restricted resources and...

CVSS: 6.8 | AI score: 7 | EPSS: 0.00427
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2026/01/09 10:4 a.m. | 3 views

CVE-2025-11246 Insufficient Granularity of Access Control in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00391
Exploits: 0 | References: 6
Cvelist
added 2026/01/09 10:3 a.m. | 22 views

CVE-2025-13781 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

CVSS: 6.5 | EPSS: 0.00406
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/09 9:30 a.m. | 3 views

CVE-2023-43543

Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object...

CVSS: 7 | AI score: 7 | EPSS: 0.00089
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:28 a.m. | 11 views

CVE-2023-49283

microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.02203
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:27 a.m. | 7 views

CVE-2023-45010

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Alex MacArthur Complete Open Graph plugin = 3.4.5 versions...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00316
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:59 a.m. | 13 views

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature...

CVSS: 8.8 | AI score: 8 | EPSS: 0.03005
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000503 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block. It was reported that a fix to the ring buffe...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00246
Exploits: 0 | References: 3
GithubExploit
added 2026/01/05 11:43 p.m. | 676 views

Exploit for Use After Free in Apple Safari

CVE-2025-43529 TL; DR Apple recently shipped iOS 26.2 and...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.07997
Exploits: 8
Cvelist
added 2026/01/05 9:52 p.m. | 22 views

CVE-2025-68437 Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the file input, specifically its url parameter,...

CVSS: 5.9 | EPSS: 0.00427
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/05 9:52 p.m. | 3 views

CVE-2025-68437 Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the file input, specifically its url parameter,...

CVSS: 5.9 | AI score: 6.8 | EPSS: 0.00427
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/05 5:53 p.m. | 6 views

CVE-2025-61781 GraphQL IDOR allows authenticated user to delete workspace content of other users

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.00204
Exploits: 0 | References: 1
Packet Storm News
added 2026/01/05 12:0 a.m. | 3 views

Focus on What Matters: Fisher-Guided Adaptive Multimodal Fusion for Vulnerability Detection

Software vulnerability detection is a critical task for securing software systems and can be formulated as a binary classification problem: given a code snippet, determine whether it contains a vulnerability. Existing multimodal approaches typically fuse Natural Code Sequence (NCS) representations...

AI score: 7
Exploits: 0
Tenable Nessus
added 2025/12/31 12:0 a.m. | 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992729)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992729 advisory. In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init. of_get_child_by_name() returns a node pointe...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00149
Exploits: 0 | References: 4
Tenable Nessus
added 2025/12/31 12:0 a.m. | 0 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993099)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993099 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors(). In this function, there are two...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00204
Exploits: 0 | References: 4
EUVD
added 2025/12/30 3:30 p.m. | 2 views

EUVD-2023-60482

In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default. filter_irq_stacks() is supposed to cut entries which are related irq entries from its call stack. And in_irqentry_text() which is called by filter_irq_stacks() uses __irqentry_text_start/en...

AI score: 5.8 | EPSS: 0.00171
Exploits: 0 | References: 5
NVD
added 2025/12/30 1:16 p.m. | 1 views

CVE-2023-54322

In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default. filter_irq_stacks() is supposed to cut entries which are related irq entries from its call stack. And in_irqentry_text() which is called by filter_irq_stacks() uses __irqentry_text_start/en...

EPSS: 0.00171
Exploits: 0 | References: 5
UbuntuCve
added 2025/12/30 1:16 p.m. | 1 views

CVE-2023-54322

In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default. filter_irq_stacks() is supposed to cut entries which are related irq entries from its call stack. And in_irqentry_text() which is called by filter_irq_stacks() uses __irqentry_text_start/en...

AI score: 5.9 | EPSS: 0.00171
Exploits: 0 | References: 6