EUVD-2025-199957

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVE-2025-13807

A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...

CVE-2025-13807 orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization

A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...

AI-Driven Cybersecurity Testbed for Nuclear Infrastructure: Comprehensive Evaluation Using METL Operational Data

Advanced nuclear reactor systems face increasing cybersecurity threats as sophisticated attackers exploit cyber-physical interfaces to manipulate control systems while evading traditional IT security measures. This research presents a comprehensive evaluation of artificial intelligence approaches...

PT-2025-48411

A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...

orion-ops 安全漏洞

orion-ops is a one-stop automated operation and maintenance and automated deployment platform by Jiahang Li, an individual developer. A security vulnerability exists in orion-ops, which stems from the misuse of the parameters host/sshPort/username/password/authType in the file...

EUVD-2025-199922

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

PT-2025-48384

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

SUSE-SU-2025:21150-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots bsc1253703 - CVE-2025-12748: Fixed Denial of service in XML parsing bsc1253278 Other fixes: - spec: Adjust dbus dependency bsc1253642 - qemu: Add support for Intel TD...

Remote Code Execution (RCE)

Happy DOM is vulnerable to Remote Code Execution RCE. The vulnerability is due to the use of a non-isolated Node.js VM context with JavaScript evaluation enabled by default, which allows an attacker to run untrusted code that can escape the sandbox—potentially gaining access to process-level...

CVE-2025-58407

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine...

curl: Infinite loop issue in the state machine of the curl project

Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execution. I discovered this issue in the FTP functionality of the curl project .As described in...

Unsupervised Anomaly Detection for Smart IoT Devices: Performance and Resource Comparison

The rapid expansion of Internet of Things IoT deployments across diverse sectors has significantly enhanced operational efficiency, yet concurrently elevated cybersecurity vulnerabilities due to increased exposure to cyber threats. Given the limitations of traditional signature-based Anomaly...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

MAL-2025-191467 Malicious code in xrpl-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8fb3e61af99fea7b1567f2fa35f2558959e9c0c63f777bc5d37f6e48378ec31f The package xrpl-api was found to contain malicious code. Source: ghsa-malware 892f832257ae1ca9ec7f8ad76b11821b4808750298e4842ff44aa3459b54a125 Any...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

SUSE CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

MAL-2025-191430 Malicious code in soneium-acs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47ef13235ddcf50988ca14c257fc3e88969c7a99cd07389710789ef758dba1f7 The package soneium-acs was found to contain malicious code. Source: ghsa-malware 0dd54268e2cc4c0ffd1059655c96c56400b08d5eb44bdf09753b1aec34aac8fa An...

MAL-2025-191431 Malicious code in sufetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8efd418803202b34256057a848e0e9fbd6ad735dd0a011b4e7ca9cd46d088b39 The package sufetch was found to contain malicious code. Source: ghsa-malware 96568dd37a7486f46399a553eecede4295c1c52321560fb15faaa4525e898642 Any...