Xen 安全漏洞

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that stems from an...

Expanding ML-Documentation Standards for Better Security

This article presents the current state of ML-security and of the documentation of ML-based systems, models and datasets in research and practice based on an extensive review of the existing literature. It shows a generally low awareness of security aspects among ML-practitioners and organization...

Malicious code in datadog-instrumentations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbf74efed2b32abd010705d5410e78270b572065e8fc02c3a1961b4afc2585ba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

The vulnerability of the Virtual Machine Communication Interface (VMCI) implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation allows a perpetrator to execute arbitrary code.

The vulnerability of the Virtual Machine Communication Interface VMCI implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVE-2025-50069

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise...

CVE-2025-41237

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

CVE-2025-41239 vSockets information-disclosure vulnerability

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes...

CVE-2025-41238

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI Paravirtualized SCSI controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine'...

CVE-2025-41237

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

CVE-2025-41237

CVE-2025-41237 describes an integer-underflow in the VMCI component of VMware ESXi, Workstation, and Fusion that can cause an out-of-bounds write. A local attacker with VM-level admin privileges may execute code as the VMX process on the host; exploitation is contained within the VMX sandbox on E...

Malicious code in crypto-notifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14edf6ea7a68922079f8577f719246d4b53f4a31565dab3714813dc76cb78bcf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in okta-ui-private-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9cde1163c4cd1320ef67a954307e5ac2fdf19ea7925c9b0cd032910b171e6e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Oracle Database Server 安全漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Java VM of Oracle Database Server, which can be...

Reporte De Vulnerabilidades En IIoT. Proyecto DEFENDER

The main objective of this technical report is to conduct a comprehensive study on devices operating within Industrial Internet of Things IIoT environments, describing the scenarios that define this category and analysing the vulnerabilities that compromise their security. To this end, the report...

DNS Tunneling: Threat Landscape and Improved Detection Solutions

Detecting Domain Name System DNS tunneling is a significant challenge in security due to its capacity to hide harmful actions within DNS traffic that appears to be normal and legitimate. Traditional detection methods are based on rule-based approaches or signature matching methods that are often...

BandFuzz: an ML-Powered Collaborative Fuzzing Framework

Collaborative fuzzing has recently emerged as a technique that combines multiple individual fuzzers and dynamically chooses the appropriate combinations suited for different programs. Unlike individual fuzzers, which rely on specific assumptions to maintain their effectiveness, collaborative...

CVE-2025-1384

CVE-2025-1384 affects Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio Software. The issue is a Least Privilege Violation (CWE-272) in the communications function between these products, allowing a remote attacker to gain unauthorized access and potentially execute arbitrary co...

[SECURITY] Fedora 42 Update: luajit-2.1.1748459687-2.fc42

LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine VM is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement...

LLMalMorph: on the Feasibility of Generating Variant Malware Using Large-Language-Models

Large Language Models LLMs have transformed software development and automated code generation. Motivated by these advancements, this paper explores the feasibility of LLMs in modifying malware source code to generate variants. We introduce LLMalMorph, a semi-automated framework that leverages...

CVE-2025-52983

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines RE, even if the configured public key for root has been removed, remote users which are i...