Exploit for Deserialization of Untrusted Data in Microsoft

SharePoint "ToolShell" RCE Exploit CVE-2025-53770 Overvi...

The vulnerability of the Java VM component of the Oracle Database Server system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

Zeroday vulnerabilities discovered in Microsoft SharePoint Server

Microsoft has released information about actively exploited zeroday vulnerabilities in on-premises versions of Microsoft SharePoint Server. SharePoint Online part of Microsoft 365 has not been affected. The zeroday vulnerabilities, marked CVE-2025-53770 and CVE-2025-53771, allow a malicious perso...

Restricted Boltzmann Machine As a Probabilistic Enigma

We theoretically propose a symmetric encryption scheme based on Restricted Boltzmann Machines that functions as a probabilistic Enigma device, encoding information in the marginal distributions of visible states while utilizing bias permutations as cryptographic keys. Theoretical analysis reveals...

The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.

The vulnerability of the Kubernetes Image Builder software lies in the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine remotely...

Leveraging Trustworthy AI for Automotive Security in Multi-Domain Operations: Towards a Responsive Human-AI Multi-Domain Task Force for Cyber Social Security

Multi-Domain Operations MDOs emphasize cross-domain defense against complex and synergistic threats, with civilian infrastructures like smart cities and Connected Autonomous Vehicles CAVs emerging as primary targets. As dual-use assets, CAVs are vulnerable to Multi-Surface Threats MSTs,...

Malicious code in pre-and-postinstall-scripts-example (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4994e0104f427d4e6ac062c0ec26e609127db5c43b703a286194e39d36ae9e9 Any computer that has this package installed or running should be considered...

Malicious code in api-key-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a88a62f8ea00d632d4e82aaad35c4ba5fc30f8c8974e967235a721edb9df9c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in kiwi-module-browse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa443b2926415ab44d835ed23e575a34e448c6501a1dee55d6dfa760ad0c5d40 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-53770 SharePoint Vulnerability Scanner 100% hacked t...

Unspecified Vulnerability in Oracle Database Server (CNVD-2025-24077)

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Java VM of Oracle Database Server, which can be...

INVT VT-Designer 安全漏洞

INVT VT-Designer is an HMI programming and configuration software from China-based INVT. A security vulnerability exists in INVT VT-Designer that stems from a type confusion when parsing PM3 files, which could lead to remote code execution...

The vulnerability of Oracle Java SE’s 2D software platform and the Oracle GraalVM virtual machine allows a hacker to gain full control over the application.

The vulnerability of the Oracle Java SE 2D software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application...

CVE-2025-49746

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network...

CVE-2025-49747

Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network...

CVE-2025-47995

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network...

MAL-2025-191779 Malicious code in lazmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 292e8512aa9e77a20a04a58cee3529ea31b9451e5c9067bbad7be57b5eb8c7fb Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unfiltered non-canonical addresses and could lead to a virtual machine failure...

CVE-2025-49747

Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network...

CVE-2025-49746

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network...