
282 matches found

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2024-40035

Malicious code in bioql PyPI...

8.8 CVSS · 6.6 AI score · 0.00284 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2022-30929

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.00748 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-38077

Malicious code in bioql PyPI...

8.7 CVSS · 6.6 AI score · 0.00476 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-27383

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.00616 EPSS
Exploits 0 · References 1

The Hacker News
added 2025/09/25 11:30 a.m. · 5 views

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

The latest Gcore Radar report, analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations,...

6.6 AI score
Exploits 0

Packet Storm News
added 2025/08/19 12:0 a.m. · 5 views

DDoS Attacks in Cloud Computing: Detection and Prevention

DDoS attacks are one of the most prevalent and harmful cybersecurity threats faced by organizations and individuals today. In recent years, the complexity and frequency of DDoS attacks have increased significantly, making it challenging to detect and mitigate them effectively. The study analyzes...

6.7 AI score
Exploits 0

SUSE CVE
added 2025/07/28 11:33 p.m. · 2 views

SUSE CVE-2024-47522

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic. This issue has been addressed in 7.0.7. O...

7.5 CVSS · 6.9 AI score · 0.00577 EPSS
Exploits 0 · References 2

Snyk
added 2025/06/09 9:59 p.m. · 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through handling of RTP packets in the NewPacket function of packetfactory.go. An attacker can trigger a panic in the system by sending malformed RTP packets containing a padding size...

8.7 CVSS · 6.9 AI score · 0.00415 EPSS
Exploits 0 · References 2

Github Security Blog
added 2025/06/09 8:29 p.m. · 9 views

Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)

Impact: Pion Interceptor versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Patches: Upgrade to v0.1.39 or later, which includes PR 338 which...

7.5 CVSS · 7.5 AI score · 0.00415 EPSS
Exploits 0 · References 6 · Affected Software 1

RedhatCVE
added 2025/05/23 12:51 a.m. · 24 views

CVE-2022-45597

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer not the transport layer and "Certificates are exchanged in a controlled fashion between entities...

9.8 CVSS · 6.9 AI score · 0.007 EPSS
Exploits 0 · References 1

CNNVD
added 2025/05/07 12:0 a.m. · 1 view

F5 BIG-IP code issue vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A code issue vulnerability exists in the F5 BIG-IP that stems from a SIP MRF ALG configuration that results in TMM termination...

8.7 CVSS · 7.8 AI score · 0.00357 EPSS
Exploits 0 · References 1

RedHat Linux
added 2025/04/08 1:14 a.m. · 3 views

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

9.1 CVSS · 6.8 AI score · 0.05582 EPSS
Exploits 1 · References 5

RedHat Linux
added 2025/04/02 5:6 p.m. · 1 view

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

9.1 CVSS · 6.8 AI score · 0.05582 EPSS
Exploits 1 · References 5

BDU FSTEC
added 2025/03/24 12:0 a.m. · 4 views

The vulnerability of the Application-Layer Protocol Negotiation (ALPN) component in Mozilla Firefox, Firefox ESR, and email clients Thunderbird, Thunderbird ESR, allows a hacker to redirect users to any desired URL address.

The vulnerability of the Application-Layer Protocol Negotiation (ALPN) component in Mozilla Firefox, Firefox ESR, and Thunderbird email clients, including Thunderbird ESR, is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirec...

6.4 CVSS · 6.6 AI score · 0.00228 EPSS
Exploits 0 · References 22 · Affected Software 13

CVE
added 2025/03/20 10:10 a.m. · 42 views

CVE-2024-11301

CVE-2024-11301 affects lunary-ai/lunary prior to 1.6.3. The issue is the absence of a unique constraint on the combination of projectId and slug when creating evaluators, allowing an attacker to overwrite an existing evaluator by submitting a POST with the same slug. This leads to data integrity ...

6.5 CVSS · 6.4 AI score · 0.00535 EPSS
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2025/03/12 12:0 a.m. · 5 views

The vulnerability of the application layer in real-time database content management system SQL Directus, related to bypassing authentication using a user-controlled key, allows attackers to gain access to the user’s account.

The vulnerability of the application layer in real-time content management system SQL Directus relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability could allow an attacker to gain access to the user account...

4.3 CVSS · 5.6 AI score · 0.00326 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/02/05 6:15 p.m. · 2 views

CVE-2025-20045

When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached...

8.7 CVSS · 6.3 AI score · 0.00377 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 12:43 p.m. · 12 views

CVE-2024-43099

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

8.8 CVSS · 6.5 AI score · 0.00284 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/05 12:0 a.m. · 5 views

PT-2025-5728 · F5 · Traffic Management Microkernel +1

Name of the Vulnerable Software and Affected Versions: No specific software name is mentioned, but based on the context, it appears to be related to a product from a company like F5, given the mention of terms like "Traffic Management Microkernel TMM" and "Application Level Gateway mode ALG"...

8.7 CVSS · 7 AI score · 0.00377 EPSS
Exploits 0 · References 6

CNNVD
added 2025/01/28 12:0 a.m. · 4 views

Silicon Simplicity SDK security vulnerability

Silicon Simplicity SDK is an embedded software development platform from Silicon, Inc. for building IoT products based on our Series 2 and upcoming Series 3 wireless and MCU devices. A security vulnerability exists in the Silicon Simplicity SDK that stems from a misformatted packet that could cau...

4.3 CVSS · 7.2 AI score · 0.00239 EPSS
Exploits 0 · References 2