EUVD-2025-201470
Malicious code in non-modular-buildable npm...
Malicious code in non-modular-buildable (npm)
Source: amazon-inspector 89c55595895f1b12b30a16c099606601b1bb2a29cd30ac341a2095d224b33963 The package non-modular-buildable was found to contain malicious code. Source: ghsa-malware...
TeleAI-Safety: A Comprehensive LLM Jailbreaking Benchmark Towards Attacks, Defenses, and Evaluations
While the deployment of large language models (LLMs) in high-value industries continues to expand, the systematic assessment of their safety against jailbreak and prompt-based attacks remains insufficient. Existing safety evaluation benchmarks and frameworks are often limited by an imbalanced...
[SECURITY] Fedora 42 Update: unbound-1.24.2-1.fc42
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign Labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used, allowing attackers to execute arbitrary code...
JLSEC-2025-204 An issue was discovered in Arm Mbed TLS before 2.23.0
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed...
EUVD-2025-198078
Modular Max Serve has Unsafe Deserialization vulnerability...
GHSA-7XCV-9J6C-2FMC Modular Max Serve has Unsafe Deserialization vulnerability
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used, allowing attackers to execute arbitrary code...
Modular Max Serve has Unsafe Deserialization vulnerability
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used, allowing attackers to execute arbitrary code...
Deserialization of Untrusted Data
Overview: modular is a suite of AI libraries and tools that accelerates model serving and provides programmability all the way to the GPU kernels. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the kvcacheagent process when the...
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used, allowing attackers to execute arbitrary code...
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used, allowing attackers to execute arbitrary code...
Modular Platform Security Vulnerability
Modular Platform is an open source modular platform from Modular Inc. A security vulnerability exists in Modular Platform versions prior to 25.6, which stems from insecure deserialization and could lead to the execution of arbitrary code...
PT-2025-47378
Name of the Vulnerable Software and Affected Versions: Modular Max Serve versions prior to 25.6. Description: An unsafe deserialization issue exists in Modular Max Serve when the "--experimental-enable-kvcache-agent" feature is utilized. This allows attackers to potentially execute arbitrary code. T...
CVE-2025-60455
Modular Max Serve contains an unsafe deserialization vulnerability (CVE-2025-60455) that can lead to arbitrary code execution when the --experimental-enable-kvcache-agent feature is enabled. Affected versions are prior to 25.6; exploit would require local access (attack vector LOCAL) with no user...
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used, allowing attackers to execute arbitrary code...
Grid-STIX: A STIX 2.1-Compliant Cyber-Physical Security Ontology for Power Grid
Modern electrical power grids represent complex cyber-physical systems requiring specialized cybersecurity frameworks beyond traditional IT security models. Existing threat intelligence standards such as STIX 2.1 and MITRE ATT&CK lack coverage for grid-specific assets, operational technology...
[SECURITY] Fedora 43 Update: unbound-1.24.1-1.fc43
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign Labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
MalDataGen: A Modular Framework for Synthetic Tabular Data Generation in Malware Detection
High-quality data scarcity hinders malware detection, limiting ML performance. We introduce MalDataGen, an open-source modular framework for generating high-fidelity synthetic tabular data using modular deep learning models (e.g., WGAN-GP, VQ-VAE). Evaluated via dual validation (TR-TS/TS-TR), seven...
[SECURITY] Fedora 41 Update: unbound-1.24.1-1.fc41
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign Labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...