CVE-2023-33100

Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification...

CVE-2022-47165

Cross-Site Request Forgery CSRF vulnerability in CoSchedule plugin = 3.3.8 versions...

CVE-2020-0705

An information disclosure vulnerability exists when the Windows Network Driver Interface Specification NDIS improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification NDIS...

CVE-2020-5300

In Hydra an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go, before version 1.4.0+oryOS.17, when using client authentication method 'privatekeyjwt' 1, OpenId specification says the following about assertion jti: "A unique identifier for the token, which can be used to...

CVE-2018-18689

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected...

CVE-2019-8136

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component...

D4+: Emergent Adversarial Driving Maneuvers with Approximate Functional Optimization

Intelligent mechanisms implemented in autonomous vehicles, such as proactive driving assist and collision alerts, reduce traffic accidents. However, verifying their correct functionality is difficult due to complex interactions with the environment. This problem is exacerbated in adversarial...

CVE-2025-48219

O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS IP Multimedia Subsystem call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI E-UTRAN Cell Identity leak. The Cell ID might be usable to...

Alibaba Cloud Linux 3 : 0116: rust-toolset:rhel8 (ALINUX3-SA-2022:0116)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12083: The Rust Programming...

Erlang/OTP (Erlang OTP) Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - Windows

Erlang/OTP Erlang OTP is vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Security update for cosign

This update for cosign fixes the following issues: CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to log file bsc1227031 CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Fixed bad documentation of error handling in ParseWithClaims leading to...

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

CVE-2025-32395

CVE-2025-32395 affects Vite (frontend tooling for JavaScript). The vulnerability arises when a dev server is exposed to the network on Node/Bun (not Deno) and a request-target containing a # is processed, bypassing server.fs.deny due to req.url handling. Affected versions prior to 6.2.6, 6.1.5, 6...

Juniper Junos OS Vulnerability (JSA96452)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96452 advisory. - An Improper Following of Specification by Caller vulnerability in web management J-Web, Captive Portal, 802.1X, Juniper Secure Connect JSC of Juniper Networks Junos OS on...

DEBIAN-CVE-2022-49740

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

CVE-2022-49740 wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds read due to a failure to check channel specification count values...

CVE-2024-8616

CVE-2024-8616 affects h2oai/h2o-3 v3.46.0. The flaw resides in the /99/Models/{name}/json handler where user-controllable exportModelDetails uses the mexport.dir parameter to choose the file path, enabling arbitrary file overwrite on the host. This is due to inadequate validation in the underlyin...

Linux Distros Unpatched Vulnerability : CVE-2022-48707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset...

API Specifications: Why, When, and How to Enforce Them

APIs facilitate communication between different software applications and power a wide range of everyday digital experiences, from weather apps to streaming services and everything in between. They are also a critical ingredient of AI. However, if not structured and standardized properly, APIs ca...