739 matches found
Raspberry Pi Pico As a Radio Transmitter
In this paper we discuss several surprisingly simple methods for transforming the Raspberry Pi Pico RP2 microcontroller into a radio transmitter, using only cheap off-the-shelf electronic components and open source software. While initially this transformation may look like a harmless curiosity...
OSV-2025-688 Security exception in java.base/java.util.Arrays.copyOfRange
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=440841513 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange java.base/java.lang.StringUTF16.newString java.base/java.lang.StringBuilder.toString...
itsourcecode Apartment Management System Security Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements for parameter ID in file /maintenance/addmaintenancecost.php. An attacker can exploit thi...
Linux Distros Unpatched Vulnerability : CVE-2017-2906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created...
Linux Distros Unpatched Vulnerability : CVE-2017-12086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable integer overflow exists in the 'BKEmeshcalcnormalstessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blen...
MAL-2025-41261 Malicious code in chartsmaan (npm)
Source: ossf-package-analysis f8090d277adf0bf9266de2213bcb9d97270706324e2872a9c037e431f342fbc5 The OpenSSF Package Analysis project identified 'chartsmaan' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
OpenBao Code Injection Vulnerability
OpenBao is an open source sensitive data management software. A code injection vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause unauthorized code execution and network access...
Malicious code in hkaga-ama (npm)
The package hkaga-ama was found to contain malicious code...
Security Bulletin: Multiple vulnerabilities in IBM Controller
Summary There are vulnerabilities in Open-Source Software (OSS) components used by IBM Controller. This Security Bulletin relates only to the direct usage of third-party components by IBM Controller and not any nested dependencies within the product. Vulnerability Details CVEID:CVE-2015-6420...
Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities (CVE-2008-5730, CVE-2015-5237, CVE-2018-12020, CVE-2019-13050, CVE-2019-14855, CVE-2019-1543, CVE-2020-25125, CVE-2021-3712, CVE-2022-31130, CVE-2023-0464, CVE-2022-1292)
Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2008-5730 DESCRIPTION: Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified...
Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities (CVE-2023-26125, CVE-2023-28155, CVE-2024-29018)
Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2023-26125 DESCRIPTION: Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use...
OpenBao Security Vulnerability
OpenBao is an open source sensitive data management software. A security vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause elevation of privilege...
CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...
Z-Push Security Vulnerability
Z-Push is an open source data synchronization software from Z-Hub. A security vulnerability exists in Z-Push versions prior to 2.7.6, which stems from an unparameterized query and could lead to a SQL injection attack...
CVE-2025-54076
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the precadastroatendido.php endpoint of the WeGIA application. This vulnerability allows attacke...
[SECURITY] Fedora 41 Update: chromium-138.0.7204.157-1.fc41
Chromium is an open-source web browser, powered by WebKit Blink...
CVE-2025-54058
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendidofamiliares parameter of the /html/funcionario/dependenteeditarEndereco.php endpoint. This vulnerability...
CVE-2025-53936
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the personalizacaoselecao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers...
CVE-2025-54060 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendidofamiliares parameter of the /html/funcionario/dependenteeditarInfoPessoal.php endpoint. This...