Lucene search

206 matches found

Packet Storm News
added 2025/06/18 12:0 a.m., 2 views

ETrace: Event-Driven Vulnerability Detection in Smart Contracts Via LLM-Based Trace Analysis

With the advance application of blockchain technology in various fields, ensuring the security and stability of smart contracts has emerged as a critical challenge. Current security analysis methodologies in vulnerability detection can be categorized into static analysis and dynamic analysis...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/05/22 7:11 p.m., 5 views

CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

4.3 CVSS, 6.6 AI score, 0.00031 EPSS
Exploits: 0, References: 1
Veracode
added 2025/05/08 1:24 p.m., 6 views

Directory Traversal

Vite is vulnerable to Directory Traversal. The vulnerability is due to access control bypass due to insufficient enforcement of file access restrictions when using pattern-matching with dot-slash /. in network-exposed development servers...

6 CVSS, 6.7 AI score, 0.01436 EPSS
Exploits: 1, References: 2, Affected Software: 1
Packet Storm News
added 2025/04/28 12:0 a.m., 4 views

The Automation Advantage in AI Red Teaming

This paper analyzes Large Language Model (LLM) security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques (69.5% vs 47.6% success rate), despite...

7.2 AI score
Exploits: 0
OSV
added 2025/04/18 1:49 p.m., 1 views

OESA-2025-1427 golang security update

Security Fixes: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied. CVE-2025-22870...

4.4 CVSS, 6.9 AI score, 0.00033 EPSS
Exploits: 2, References: 2
ATTACKERKB
added 2025/03/12 7:15 p.m., 1 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...

4.4 CVSS, 6.7 AI score, 0.00033 EPSS
Exploits: 2, References: 5, Affected Software: 1
OSV
added 2025/03/12 7:15 p.m., 2 views

UBUNTU-CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...

4.4 CVSS, 6.7 AI score, 0.00033 EPSS
Exploits: 2, References: 5
OSV
added 2025/03/05 11:1 p.m., 2 views

CLSA-2025-1741215702 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix NULL pointer dereference in xmlPatMatch in pattern.c...

7.5 CVSS, 6.7 AI score, 0.00094 EPSS
Exploits: 1, References: 1
SUSE Linux
added 2025/02/28 4:11 p.m., 1 views

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...

7.3 CVSS, 8 AI score, 0.00235 EPSS
Exploits: 1, References: 12
OSV
added 2025/02/28 3:34 p.m., 1 views

OESA-2025-1225 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

9.8 CVSS, 7.4 AI score, 0.00235 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2025/01/27 1:43 a.m., 1 views

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

6.5 CVSS, 7.4 AI score, 0.01368 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2025/01/23 12:0 a.m., 30 views

AlmaLinux 8 : redis:6 (ALSA-2025:0595)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0595 advisory. redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service CVE-2023-22458 redis: Integer overflow in the Redis...

9.8 CVSS, 8.4 AI score, 0.80733 EPSS
Exploits: 4, References: 12
RedHat Linux
added 2025/01/22 10:42 a.m., 0 views

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

6.5 CVSS, 7.4 AI score, 0.01368 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2024/12/05 9:45 p.m., 1 views

redis: Denial-of-service due to unbounded pattern matching in Redis

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

6.5 CVSS, 7.4 AI score, 0.01368 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2024/11/14 12:0 a.m., 14 views

Fedora 41 : valkey (2024-e717420659)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e717420659 advisory. update to 8.0.1 fixes CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service d...

8.8 CVSS, 7.2 AI score, 0.56313 EPSS
Exploits: 1, References: 4
Microsoft CVE
added 2024/11/01 7:0 a.m., 1 views

Denial-of-service due to unbounded pattern matching in Redis

...

6.5 CVSS, 6.9 AI score, 0.01368 EPSS
Exploits: 0
OpenVAS
added 2024/10/16 12:0 a.m., 17 views

Fedora: Security Advisory (FEDORA-2024-8a9a692906)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 5.3 AI score, 0.56313 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2024/10/12 12:0 a.m., 18 views

Fedora 40 : redis (2024-5d4eb04e76)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d4eb04e76 advisory. Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2024-3144...

8.8 CVSS, 7.2 AI score, 0.56313 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2024/10/10 12:0 a.m., 23 views

SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2024:3575-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3575-1 advisory. - CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 - CVE-2024-31449: Fixed integer overflow bug ...

8.8 CVSS, 7.1 AI score, 0.56313 EPSS
Exploits: 1, References: 7
SUSE Linux
added 2024/10/09 4:55 p.m., 2 views

Security update for redis

This update for redis fixes the following issues: CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.8 CVSS, 9 AI score, 0.56313 EPSS
Exploits: 1, References: 8