942 matches found
EUVD-2025-1582
Malicious code in bioql PyPI...
EUVD-2024-44565
Malicious code in bioql PyPI...
EUVD-2022-6688
Malicious code in bioql PyPI...
EUVD-2023-1882
Malicious code in bioql PyPI...
EUVD-2023-1764
Malicious code in bioql PyPI...
EUVD-2022-52392
Malicious code in bioql PyPI...
Automated Vulnerability Validation and Verification: A Large Language Model Approach
Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior limits effective vulnerability assessment and mitigation. This...
ATLANTIS: AI-Driven Threat Localization, Analysis, and Triage Intelligence System
We present ATLANTIS, the cyber reasoning system developed by Team Atlanta that won 1st place in the Final Competition of DARPA's AI Cyber Challenge (AIxCC) at DEF CON 33 (August 2025). AIxCC (2023-2025) challenged teams to build autonomous cyber reasoning systems capable of discovering and patching...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7993 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=6.2.0 <=6.2.10)
org.springframework:spring-core MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.17.0, =1.17.0, =1.17.0, =3.3.0, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-41249 Source advisory: OSV:GHSA-JMP9-X22R-554X...
PT-2025-37013
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-41714 Description: The upload endpoint does not adequately validate the Upload-Key request header. An authenticated attacker can use path traversal sequences within the header to create files outside the intended storag...
Linux Distros Unpatched Vulnerability : CVE-2024-10219
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain...
Linux Distros Unpatched Vulnerability : CVE-2024-5318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting fro...
Linux Distros Unpatched Vulnerability : CVE-2024-3959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...
Linux Distros Unpatched Vulnerability : CVE-2024-7057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and...
CVE-2024-48988 Apache StreamPark: SQL injection vulnerability
SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package SpringBoot platform and does not involve Maven...
CVE-2025-50733
NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...
CVE-2025-50733
NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
PT-2025-34377 · Nextchat · Nextchat
Name of the Vulnerable Software and Affected Versions: NextChat affected versions not specified Description: NextChat contains a cross-site scripting (XSS) issue in the HTMLPreview component of artifacts.tsx. This allows attackers to execute arbitrary JavaScript code when HTML content is rendered i...
Linux Distros Unpatched Vulnerability : CVE-2018-5709
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but...
BIT-GITLAB-2024-10219 Incorrect Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...