670 matches found
DALIBO PostgreSQL Anonymizer Security Vulnerability
DALIBO PostgreSQL Anonymizer is an extension developed by the French company DALIBO. It is designed to mask or replace personally identifiable information (PII) or commercially sensitive data in PostgreSQL databases. There is a security vulnerability in PostgreSQL Anonymizer, which stems...
OPENSUSE-SU-2026:20192-1 Security update for tailscale
This update for tailscale fixes the following issues. Changes in tailscale: Update to version 1.94.0: IS SET and NOT SET have been added as device posture operators; India DERP Region City Name updated; Custom DERP servers support GCP Certificate Manager; Tailscale SSH authentication, when...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the WebsiteAddContent process. An attacker can access sensitive files on the server by supplying crafted path values containing directory traversal sequences. This is only exploitable if the attacker has an...
CISA: Suspicious Unmanned Aircraft System Activity Guidance V2
Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators is intended for critical infrastructure stakeholders who are concerned with unmanned aircraft system (UAS) activity near or around their facilities. This is version 2 of CISA's document...
CVE-2005-1641
modchannel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service...
CVE-2023-25074
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...
CVE-2025-55125
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file...
CISA: Suspicious Unmanned Aircraft System Activity Guidance
Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators is intended for critical infrastructure stakeholders who are concerned with unmanned aircraft system (UAS) activity near or around their facilities...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +20 more potentially affected by CVE-2025-66388 via apache-airflow-task-sdk (>=1.0.0rc4 <=1.1.4)
apache-airflow-task-sdk PYPI version =1.0.0rc4, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-66388 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-14459396...
COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers
This paper studies how multimodal large language models (MLLMs) undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...
GHSA-4H97-WPXP-3757 LangGraph's SQLite store implementation has a SQL Injection Vulnerability
A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...
CVE-2025-47699
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...
CVE-2025-35981
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...
CVE-2025-35981
The CVE-2025-35981 issue affects Gallagher Command Centre Server versions 9.30.1874 (MR1), 9.20.2337 (MR3), and 9.10.3194 (MR6). It describes exposure of private personal information to an unauthorized, privileged Operator who can view limited cardholder data outside normal permissions. The docum...
RUSTSEC-2025-0075 `unic-char-range` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: Since version 1.45.0 Rust supports using char with ops::Range, RangeFrom, RangeFull, RangeInclusive, RangeTo to iterate over a range of codepoints...
Post-Quantum Cryptography and Quantum-Safe Security: A Comprehensive Survey
Post-quantum cryptography (PQC) is moving from evaluation to deployment as NIST finalizes standards for ML-KEM, ML-DSA, and SLH-DSA. This survey maps the space from foundations to practice. We first develop a taxonomy across lattice-, code-, hash-, multivariate-, isogeny-, and MPC-in-the-Head...
EUVD-2021-0331
Malware in sbrugna...
EUVD-2019-13459
Malware in sbrugna...
EUVD-2007-4393
Malware in sbrugna...