
11940 matches found

GithubExploit
added 2025/06/11 7:59 p.m., 469 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Eleva...

7.8 CVSS, 9.3 AI score, 0.77369 EPSS
Exploits: 5
Fedora
added 2025/06/11 2:46 a.m., 5 views

[SECURITY] Fedora 42 Update: qt6-qtmqtt-6.9.1-1.fc42

MQTT is a machine-to-machine (M2M) protocol utilizing the publish-and-subscribe paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

8.4 CVSS, 7.3 AI score, 0.00385 EPSS
Exploits: 0
CVE
added 2025/06/11 1:15 a.m., 60 views

CVE-2024-1243

The CVE-2024-1243 entry concerns Wazuh agent for Windows prior to 4.8.0. It states improper input validation can be exploited by an attacker who controls the Wazuh server or agent key to configure the agent to connect to a malicious UNC path, leading to leakage of the machine account NetNTLMv2 ha...

9.5 CVSS, 8.2 AI score, 0.01169 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2025/06/11 12:0 a.m., 2 views

Delta Electronics CNCSoft out-of-bounds write vulnerability (CNVD-2025-22961)

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics China. An out-of-bounds write vulnerability exists in Delta Electronics CNCSoft, which can be exploited by an attacker to execute arbitrary code on the system...

7.3 CVSS, 8 AI score, 0.00056 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/06/11 12:0 a.m., 3 views

EulerOS 2.0 SP13 : openssh (EulerOS-SA-2025-1622)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...

6.8 CVSS, 7 AI score, 0.61222 EPSS
Exploits: 4, References: 2
CNVD
added 2025/06/11 12:0 a.m., 3 views

Delta Electronics CNCSoft Out-of-Bounds Write Vulnerability

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics China. An out-of-bounds write vulnerability exists in Delta Electronics CNCSoft, which can be exploited by an attacker to execute arbitrary code on the system...

7.3 CVSS, 8 AI score, 0.00056 EPSS
Exploits: 0, References: 1
Packet Storm News
added 2025/06/11 12:0 a.m., 2 views

SALAD: Systematic Assessment of Machine Unlearning on LLM-Aided Hardware Design

Large Language Models (LLMs) offer transformative capabilities for hardware design automation, particularly in Verilog code generation. However, they also pose significant data security challenges, including Verilog evaluation data contamination, intellectual property (IP) design leakage, and the ris...

7.1 AI score
Exploits: 0
CNVD
added 2025/06/11 12:0 a.m., 3 views

Delta Electronics CNCSoft Out-of-Bounds Write Vulnerability

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics China. Delta Electronics CNCSoft suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code in the context of the current process...

7.3 CVSS, 7.5 AI score, 0.00056 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/06/11 12:0 a.m., 3 views

EulerOS 2.0 SP13 : openssh (EulerOS-SA-2025-1639)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...

6.8 CVSS, 7 AI score, 0.61222 EPSS
Exploits: 4, References: 2
OSSF Malicious Packages
added 2025/06/10 5:12 a.m., 4 views

Malicious code in server-bare-log (npm)

Source: ghsa-malware 39c5415871a73082265e769aa9eb273c1fa34089a841af9700ebb890c064d102. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/06/10 4:35 a.m., 3 views

Malicious code in smart-request-buffers (npm)

Source: ghsa-malware c193e11c3cf5464ecf688ef533a29644044e7786f835d3a0f8d4e4fe1d96d8c4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/06/10 3:27 a.m., 4 views

Malicious code in pyserial (npm)

Source: ghsa-malware bad99aa8d1920abaf90491f3c8160c6903da1e7bdb086b854dd0e1e2ae434367. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2025/06/10 3:23 a.m., 3 views

Malicious code in pipreqs (npm)

Source: ghsa-malware 94775693df8241bc82973cceb421a0a3263d044d7a810c724173c0b4ada361bd. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3
Packet Storm News
added 2025/06/10 12:0 a.m., 2 views

Striking Back at Cobalt: Using Network Traffic Metadata to Detect Cobalt Strike Masquerading Command and Control Channels

Off-the-shelf software for Command and Control is often used by attackers and legitimate pentesters looking for discretion. Among other functionalities, these tools facilitate the customization of their network traffic so it can mimic popular websites, thereby increasing their secrecy. Cobalt...

7 AI score
Exploits: 0
Packet Storm News
added 2025/06/09 12:0 a.m., 2 views

Data-Driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source Npm Packages

The npm (Node Package Manager) ecosystem is the most important package manager for JavaScript development with millions of users. Consequently, a plethora of earlier work investigated how vulnerability reporting, patch propagation, and in general detection as well as resolution of security issues i...

7.1 AI score
Exploits: 0
Packet Storm News
added 2025/06/09 12:0 a.m., 9 views

SoK: Data Reconstruction Attacks against Machine Learning Models: Definition, Metrics, and Benchmark

Data reconstruction attacks, which aim to recover the training dataset of a target model with limited access, have gained increasing attention in recent years. However, there is currently no consensus on a formal definition of data reconstruction attacks or appropriate evaluation metrics for...

6.8 AI score
Exploits: 0
Tenable Nessus
added 2025/06/09 12:0 a.m., 3 views

NewStart CGSL MAIN 7.02 : openssh Vulnerability (NS-SA-2025-0089)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by a vulnerability: - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a...

6.8 CVSS, 7 AI score, 0.61222 EPSS
Exploits: 4, References: 3
Packet Storm News
added 2025/06/09 12:0 a.m., 2 views

Network Threat Detection: Addressing Class Imbalanced Data with Deep Forest

With the rapid expansion of Internet of Things (IoT) networks, detecting malicious traffic in real-time has become a critical cybersecurity challenge. This research addresses the detection challenges by presenting a comprehensive empirical analysis of machine learning techniques for malware detecti...

7 AI score
Exploits: 0
Packet Storm News
added 2025/06/08 12:0 a.m., 4 views

NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA

Arm Confidential Computing Architecture (CCA) currently isolates at the granularity of an entire Confidential Virtual Machine (CVM), leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/06/07 12:0 a.m., 3 views

Ai-Driven Vulnerability Analysis in Smart Contracts: Trends, Challenges and Future Directions

Smart contracts, integral to blockchain ecosystems, enable decentralized applications to execute predefined operations without intermediaries. Their ability to enforce trustless interactions has made them a core component of platforms such as Ethereum. Vulnerabilities such as numerical overflows,...

7.4 AI score
Exploits: 0