Lucene search

2349 matches found

Snyk
added 2025/08/02 12:45 a.m. | 4 views

Arbitrary Command Injection

Overview: @nestjs/devtools-integration is a Nest - modern, fast, powerful node.js web framework (@devtools-integration). Affected versions of this package are vulnerable to Arbitrary Command Injection via the inspector/graph/interact endpoint, which accepts JSON input containing a code field and...

9.6 CVSS | 7.9 AI score | 0.4617 EPSS
Exploits 4 | References 2

OSSF Malicious Packages
added 2025/07/31 7:14 p.m. | 2 views

Malicious code in ensmallen-graph (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0

OSV
added 2025/07/31 7:14 p.m. | 6 views

MAL-2025-6500 Malicious code in ensmallen-graph (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0

OSV
added 2025/07/31 6:31 p.m. | 4 views

GHSA-7QW8-3VMF-GJ32 MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput

Summary: When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details: In source/MaterialXCore/Material.cpp, the following code extracts the output nodes for a given implementation graph: cpp...

5.1 CVSS | 7.2 AI score | 0.00494 EPSS
Exploits 1 | References 6

Cvelist
added 2025/07/30 2:28 p.m. | 9 views

CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails ...

7.7 CVSS | 0.00405 EPSS
Exploits 1 | References 3

Vulnrichment
added 2025/07/30 2:28 p.m. | 7 views

CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails ...

7.7 CVSS | 7.1 AI score | 0.00405 EPSS
Exploits 1 | References 3

OSV
added 2025/07/30 2:28 p.m. | 3 views

CVE-2025-53944 AutoGPT Platform Exposes Graph Execution Results via Authorization Gap

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly validates user access to the graph_id, it fails ...

7.7 CVSS | 6.8 AI score | 0.00405 EPSS
Exploits 1 | References 5

Packet Storm News
added 2025/07/30 12:0 a.m. | 2 views

Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection

With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. However, detecting such threats remains challenging due to sophisticated code obfuscation techniques and...

6.9 AI score
Exploits 0

Packet Storm News
added 2025/07/29 12:0 a.m. | 2 views

Hierarchical Graph Neural Network for Compressed Speech Steganalysis

Steganalysis methods based on deep learning (DL) often struggle with computational complexity and challenges in generalizing across different datasets. Incorporating a graph neural network (GNN) into steganalysis schemes enables the leveraging of relational data for improved detection accuracy and...

6.5 AI score
Exploits 0

Packet Storm News
added 2025/07/29 12:0 a.m. | 2 views

Benchmarking Fraud Detectors on Private Graph Data

We introduce the novel problem of benchmarking fraud detectors on private graph-structured data. Currently, many types of fraud are managed in part by automated detection algorithms that operate over graphs. We consider the scenario where a data holder wishes to outsource development of fraud...

6.9 AI score
Exploits 0

Packet Storm News
added 2025/07/29 12:0 a.m. | 3 views

GUARD-CAN: Graph-Understanding and Recurrent Architecture for CAN Anomaly Detection

Modern in-vehicle networks face various cyber threats due to the lack of encryption and authentication in the Controller Area Network (CAN). To address this security issue, this paper presents GUARD-CAN, an anomaly detection framework that combines graph-based representation learning with time-seri...

7 AI score
Exploits 0

OSV
added 2025/07/28 2:4 p.m. | 3 views

CVE-2025-8279 Missing Authentication for Critical Function in GitLab Language Server

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

8.7 CVSS | 6 AI score | 0.00397 EPSS
Exploits 0 | References 3

NVD
added 2025/07/28 12:15 p.m. | 5 views

CVE-2025-38468

In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree. htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...

5.5 CVSS | 0.00155 EPSS
Exploits 0 | References 11

CNNVD
added 2025/07/28 12:0 a.m. | 3 views

JetBrains TeamCity Cross-Site Request Forgery Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site request forgery vulnerability exists in...

8.8 CVSS | 6.7 AI score | 0.00141 EPSS
Exploits 0 | References 2

CNNVD
added 2025/07/28 12:0 a.m. | 4 views

GitLab Language Server Access Control Error Vulnerability

GitLab Language Server is a language server from GitLab USA. An access control error vulnerability exists in GitLab Language Server versions prior to 7.6.0 through 7.30.0 that stems from insufficient input validation and could lead to arbitrary GraphQL query execution...

9.8 CVSS | 6.8 AI score | 0.00397 EPSS
Exploits 0 | References 2

Packet Storm News
added 2025/07/23 12:0 a.m. | 2 views

PyPitfall: Dependency Chaos and Software Supply Chain Vulnerabilities in Python

Python software development heavily relies on third-party packages. Direct and transitive dependencies create a labyrinth of software supply chains. While it is convenient to reuse code, vulnerabilities within these dependency chains can propagate through dependencies, potentially affecting...

7.1 AI score
Exploits 0

Packet Storm News
added 2025/07/23 12:0 a.m. | 7 views

Learning-Based Privacy-Preserving Graph Publishing against Sensitive Link Inference Attacks

Publishing graph data is widely desired to enable a variety of structural analyses and downstream tasks. However, it also potentially poses severe privacy leakage, as attackers may leverage the released graph data to launch attacks and precisely infer private information such as the existence of...

6.6 AI score
Exploits 0

Snyk
added 2025/07/22 9:47 p.m. | 1 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the lack of limitation on max inlining ids ...

9.6 CVSS | 7.7 AI score | 0.00243 EPSS
Exploits 0 | References 2

OSV
added 2025/07/22 1:37 a.m. | 3 views

MAL-2025-6187 Malicious code in nf-graph-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68c85cb3b4e04f7e1368dde1be75808c76da67cc6c23f52ed008ac697722496a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 3

OSSF Malicious Packages
added 2025/07/22 1:37 a.m. | 3 views

Malicious code in nf-graph-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 68c85cb3b4e04f7e1368dde1be75808c76da67cc6c23f52ed008ac697722496a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 3