EUVD-2025-13252

Malicious code in bioql PyPI...

EUVD-2025-21180

Malicious code in bioql PyPI...

EUVD-2024-27512

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-9149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Metadata Anonymisation Toolkit MAT 0.6 and 0.6.1 silently fails to perform Clean metadata actions upon invocation from the Nautilus contextual menu, which allow...

KillChainGraph: ML Framework for Predicting and Mapping ATT&CK Techniques

The escalating complexity and volume of cyberattacks demand proactive detection strategies that go beyond traditional rule-based systems. This paper presents a phase-aware, multi-model machine learning framework that emulates adversarial behavior across the seven phases of the Cyber Kill Chain...

LMDG: Advancing Lateral Movement Detection through High-Fidelity Dataset Generation

Lateral Movement LM attacks continue to pose a significant threat to enterprise security, enabling adversaries to stealthily compromise critical assets. However, the development and evaluation of LM detection systems are impeded by the absence of realistic, well-labeled datasets. To address this...

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect By Maulik Maheta and Adithya Chandra · July 17, 2025 Executive summary This blog marks the third installment in our series on detecting and visualizing lateral movement attacks with Trellix Helix Connect. A lateral...

CVE-2025-7566

A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfigController.java. The manipulation of the argument Title leads to path traversal. The attack can b...

CVE-2025-34092

Rejected reason: Neither filed by Chrome nor a valid security vulnerability...

PT-2025-27354 · Unknown · Langchain-Chatchat

Name of the Vulnerable Software and Affected Versions: Langchain-Chatchat versions up to 0.3.1 Description: A critical vulnerability has been found in Langchain-Chatchat, affecting the upload temp docs function of the /knowledge base/upload temp docs file in the Backend component. The manipulatio...

CVE-2025-5029

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...

SonicWall Secure Mobile Access < 10.2.1.15-81sv (SNWLID-2025-0011)

The version of SonicWall Secure Mobile Access installed on the remote host is prior to 10.2.1.15-81sv. It is, therefore, affected by multiple vulnerabilities as referenced in the SNWLID-2025-0011 advisory: - A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user...

CVE-2025-4185 Wangshen SecGate 3600 g=obj_area_export_save path traversal

A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=objareaexportsave. The manipulation of the argument filename leads to path traversal. The attack may be initiated remotely. The exploit has be...

Automating Function-Level TARA for Automotive Full-Lifecycle Security

As modern vehicles evolve into intelligent and connected systems, their growing complexity introduces significant cybersecurity risks. Threat Analysis and Risk Assessment TARA has therefore become essential for managing these risks under mandatory regulations. However, existing TARA automation...

CVE-2025-3562

A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit...

CVE-2025-3043

A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2025-2961

A vulnerability classified as problematic was found in opensolon up to 3.1.0. This vulnerability affects the function rendermav of the file /aa of the component org.noear.solon.core.handle.RenderManager. The manipulation of the argument template with the input ../org/example/HelloApp.class leads ...

CVE-2025-2618 D-Link DAP-1620 Path api set_ws_action heap-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function setwsaction of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit...

CVE-2025-2363

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. It is possible to launch the...

CVE-2025-1336

A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimgaction in the library lib/admin/imageadmin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The explo...