
11940 matches found

RedHat Linux
added 2025/07/08 8:24 p.m. · 6 views

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3 CVSS · 7.3 AI score · 0.00225 EPSS
Exploits 0 · References 6
Cvelist
added 2025/07/08 4:57 p.m. · 8 views

CVE-2025-53513 Zip slip vulnerability in Juju

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

8.8 CVSS · 0.00512 EPSS
Exploits 1 · References 1
Gitee
added 2025/07/08 2:11 p.m. · 63 views

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file (PE file) that has been modified to contain a malicious payload. The file is likely a malware dropper or a backdoor that allows remote access to the compromised system. The code is written in C and uses various techniques to eva...

7.3 AI score
Exploits 0
NVD
added 2025/07/08 1:15 p.m. · 4 views

CVE-2025-21445

Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host...

7.8 CVSS · 0.00068 EPSS
Exploits 0 · References 1
Cvelist
added 2025/07/08 12:48 p.m. · 6 views

CVE-2025-21445 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Data HLOS - QX

Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host...

7.8 CVSS · 0.00068 EPSS
Exploits 0 · References 1
CVE
added 2025/07/08 12:48 p.m. · 24 views

CVE-2025-21445

CVE-2025-21445 describes memory corruption when copying results into the transmission queue shared between a virtual machine and the host. The CVE is associated with Qualcomm chipsets, with a CVSSv3.1 base score of 7.8 (HIGH impact): attack vector Local, prerequisites Low, user interaction None, ...

7.8 CVSS · 6.8 AI score · 0.00068 EPSS
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2025/07/08 1:25 a.m. · 5 views

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3 CVSS · 7.3 AI score · 0.00225 EPSS
Exploits 0 · References 6
RedHat Linux
added 2025/07/08 1:0 a.m. · 3 views

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3 CVSS · 7.3 AI score · 0.00225 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/07/08 12:0 a.m. · 3 views

PT-2025-28634

Name of the Vulnerable Software and Affected Versions: Juju affected versions not specified
Description: The issue concerns a lack of sufficient authorization checks in the "/charms" endpoint on a Juju controller, allowing any user with an account to upload a charm. This could be exploited by...

8.8 CVSS · 6.3 AI score · 0.00512 EPSS
Exploits 1 · References 15
Positive Technologies
added 2025/07/08 12:0 a.m. · 3 views

PT-2025-28436 · Qualcomm · Snapdragon +23

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.
Description: Memory corruption occurs while copying the result to the transmission queue, which is shared between the virtual machine and the host.
Recommendations: At the moment, there is no information...

7.8 CVSS · 6.4 AI score · 0.00068 EPSS
Exploits 0 · References 4
CNNVD
added 2025/07/08 12:0 a.m. · 2 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when copying results in a transfer queue shared between a virtual machine and a host...

7.8 CVSS · 6.9 AI score · 0.00068 EPSS
Exploits 0 · References 2
Packet Storm News
added 2025/07/07 12:0 a.m. · 3 views

Extreme Learning Machine Based System for DDoS Attacks Detections on IoMT Devices

The Internet of Medical Things (IoMT) represents a paradigm shift in the healthcare sector, enabling the interconnection of medical devices, sensors, and systems to enhance patient monitoring, diagnosis, and management. The rapid evolution of IoMT presents significant benefits to the healthcare...

6.7 AI score
Exploits 0
BDU FSTEC
added 2025/07/07 12:0 a.m. · 2 views

The vulnerability of the Vagrant framework for creating and managing development environments lies in its ability to allow a hacker to download and edit the Vagrantfile file on the host virtual machine. This enables the hacker to read and modify data, as well as execute arbitrary code.

The vulnerability of the Vagrant framework for creating and managing development environments lies in the ability to load and edit the Vagrantfile file on the host virtual machine, due to the use of a default synchronized folder configuration. Exploiting this vulnerability can allow an attacker t...

7.3 CVSS · 5.8 AI score
Exploits 0 · References 7 · Affected Software 1
Packet Storm News
added 2025/07/07 12:0 a.m. · 2 views

Efficient Unlearning with Privacy Guarantees

Privacy protection laws, such as the GDPR, grant individuals the right to request the forgetting of their personal data not only from databases but also from machine learning (ML) models trained on them. Machine unlearning has emerged as a practical means to facilitate model forgetting of data...

7 AI score
Exploits 0
Packet Storm News
added 2025/07/07 12:0 a.m. · 4 views

IThermTroj: Exploiting Intermittent Thermal Trojans in Multi-Processor System-On-Chips

Thermal Trojan attacks present a pressing concern for the security and reliability of System-on-Chips (SoCs), especially in mobile applications. The situation becomes more complicated when such attacks are more evasive and operate sporadically to stay hidden from detection mechanisms. In this paper...

6.8 AI score
Exploits 0
BDU FSTEC
added 2025/07/07 12:0 a.m. · 2 views

The vulnerability of the container management system and the virtual machine manager Incus, related to unlimited resource distribution, allows attackers to bypass security restrictions and cause service failures.

The vulnerability of the container management system and the virtual machine manager Incus is related to the unlimited distribution of resources due to incorrect generation of access control rules for local services based on an access control list. Exploiting this vulnerability can allow a...

3.4 CVSS · 5.7 AI score · 0.00114 EPSS
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2025/07/07 12:0 a.m. · 2 views

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data remotely...

7.4 CVSS · 7.1 AI score · 0.01069 EPSS
Exploits 0 · References 3 · Affected Software 1
Packet Storm News
added 2025/07/06 12:0 a.m. · 3 views

SoK: a Systematic Review of Context- and Behavior-Aware Adaptive Authentication in Mobile Environments

As mobile computing becomes central to digital interaction, researchers have turned their attention to adaptive authentication for its real-time, context- and behavior-aware verification capabilities. However, many implementations remain fragmented, inconsistently apply intelligent techniques, an...

7 AI score
Exploits 0
Packet Storm News
added 2025/07/05 12:0 a.m. · 2 views

ML-Enhanced AES Anomaly Detection for Real-Time Embedded Security

Advanced Encryption Standard (AES) is a widely adopted cryptographic algorithm, yet its practical implementations remain susceptible to side-channel and fault injection attacks. In this work, we propose a comprehensive framework that enhances AES-128 encryption security through controlled anomaly...

7.3 AI score
Exploits 0
Packet Storm News
added 2025/07/05 12:0 a.m. · 1 views

Human-Centered Interactive Anonymization for Privacy-Preserving Machine Learning: a Case for Human-Guided K-Anonymity

Privacy-preserving machine learning (ML) seeks to balance data utility and privacy, especially as regulations like the GDPR mandate the anonymization of personal data for ML applications. Conventional anonymization approaches often reduce data utility due to indiscriminate generalization or...

6.9 AI score
Exploits 0