ReSMT: An SMT-Based Tool for Reverse Engineering
Software obfuscation techniques make code more difficult to understand, without changing its functionality. Such techniques are often used by authors of malicious software to avoid detection. Reverse Engineering of obfuscated code, i.e., the process of overcoming obfuscation and answering questio...
NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering, Theft, and Misuse for Public Comment
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) have released an initial draft of Interagency Report (IR) 8597, Protecting Tokens and Assertions from Forgery, Theft, and Misuse, for public comment through January 30, 2026. This report ...
Authentication Bypass
Node-SAML is vulnerable to an Authentication Bypass. The vulnerability is due to loading assertions from the unsigned original SAML response instead of the signature-verified data, allowing attackers to modify authentication details within a valid assertion, such as altering the username, and...
EUVD-2018-1798
Malware in sbrugna...
EUVD-2024-53303
Malicious code in bioql PyPI...
EUVD-2022-3265
Malicious code in bioql PyPI...
EUVD-2022-7699
Malicious code in bioql PyPI...
EUVD-2023-0131
Malicious code in bioql PyPI...
Fedora 43 : bird (2025-182c305561)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-182c305561 advisory. BIRD 3.1.4 (2025-09-22): BGP: Fixed crash on Notification with a message, CVE-2025-59688; BGP: Fixed invalid memory access in pending TX flush; BGP: Fixed a rare...
fs: relax assertions on failure to encode file handles
...
CVE-2023-53183
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Unbreakable Enterprise kernel security update
5.4.17-2136.347.6 - net_sched: sch_sfq: move the limit validation Octavian Purdila Orabug: 38377926 CVE-2025-37752 - net_sched: sch_sfq: use a temporary work area for validating configuration Octavian Purdila Orabug: 38377926 - net_sched: sch_sfq: don't allow 1 packet limit Octavian Purdila Orabug:...
Linux Distros Unpatched Vulnerability : CVE-2022-41912
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion...
cmake Security Vulnerability
cmake is an open-source, cross-platform software build tool from CMake. A security vulnerability exists in cmake version 4.1.20250725-gb5cce23, which stems from reachable assertions...
CVE-2025-38544
CVE-2025-38544 : The Linux kernel’s rxrpc implementation had a bug where preallocated call IDs could collide, triggering cleanup assertions when an in-use ID was released. The fix sets the call state in rxrpc_service_prealloc_one() and marks the call as released before cleanup, preventing both as...
CVE-2025-38544 rxrpc: Fix bug due to prealloc collision
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision. When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg and sendmsg together. The...
CVE-2025-38544
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision. When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg and sendmsg together. The...
qt6-qtbase: qt5-qtbase: QtCore Assertion Failure Denial of Service
A flaw was found in QtCore's qDecodeDataUrl function. This vulnerability allows an application-level denial of service via a malformed data URL with a missing charset value when assertions are enabled...
Improper Verification of Cryptographic Signature
Overview: node-saml is a SAML 2.0 library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to loading assertions from unsigned response documents. An attacker can alter authentication details, such as modifying the username in a SAML assertio...
node-saml Data Forgery Vulnerability
node-saml is a SAML library that runs in Node.js and does not depend on any framework. A data forgery vulnerability exists in Node-SAML 5.0.1 and prior versions, which stems from an unvalidated assertion document that could result in modifying authentication details in SAML assertions...