The vulnerability of the Broker VM component in the Cortex XDR security platform, related to improper protection of the alternative path, allows a perpetrator to disclose protected information.

The vulnerability of the Broker VM component in the Cortex XDR security platform is related to improper protection of the alternative path. Exploiting this vulnerability can allow an attacker to disclose protected information...

Empirical Evaluation of Concept Drift in ML-Based Android Malware Detection

Despite outstanding results, machine learning-based Android malware detection models struggle with concept drift, where rapidly evolving malware characteristics degrade model effectiveness. This study examines the impact of concept drift on Android malware detection, evaluating two datasets and...

BentoML SSRF Vulnerability in File Upload Processing

Description There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...

firefox: thunderbird: Incorrect JavaScript state machine for generators

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...

firefox: thunderbird: Incorrect JavaScript state machine for generators

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...

RLSA-2025:4492 Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: virtio-net: stack buffer overflow in virtionetflushtx CVE-2023-6693...

firefox: thunderbird: Incorrect JavaScript state machine for generators

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...

firefox: thunderbird: Incorrect JavaScript state machine for generators

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...

Programmable Data Planes for Network Security

The emergence of programmable data planes, and particularly switches supporting the P4 language, has transformed network security by enabling customized, line-rate packet processing. These switches, originally intended for flexible forwarding, now play a broader role: detecting and mitigating...

firefox: thunderbird: Incorrect JavaScript state machine for generators

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...

The vulnerability of the gateway_proxy_handler component in the machine learning lifecycle management platform allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the gatewayproxyhandler component in the Machine Learning Lifecycle Management platform is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility ...

GyoiThon

This is an offensive tool for penetration testing using machine learning. It is called GyoiThon. The tool is designed to perform penetration testing using machine learning algorithms and can be used to identify vulnerabilities in web applications and services. The tool uses a variety of technique...

AZL-73025 CVE-2025-38403 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

CVE-2025-38367 LoongArch: KVM: Avoid overflow with array index

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modify register EIOINTCENABLE. There will be array index overflow problem...

Microsoft Azure Machine Learning Elevation of Privilege Vulnerability

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

Microsoft Azure Machine Learning elevation of privilege vulnerability (CNVD-2025-17136)

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

Microsoft Azure Machine Learning elevation of privilege vulnerability (CNVD-2025-17135)

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly initializing the vmci transport packet structure, which could result in uninitialized data...

Malicious code in airbnb-prop (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8aacf36d756bbb283dfe3340b8b1a4f2e5d7f9d2b0d662eba57f8e675728055e Any computer that has this package installed or running should be considered...