Volcano 安全漏洞

Volcano is a batch processing system built on Kubernetes by Volcano Open Source. A security vulnerability exists in Volcano versions prior to 1.11.2, which stems from a service or plugin being under the control of an attacker and could lead to a denial of service and elevation of privilege...

GTSD: Generative Text Steganography Based on Diffusion Model

With the rapid development of deep learning, existing generative text steganography methods based on autoregressive models have achieved success. However, these autoregressive steganography approaches have certain limitations. Firstly, existing methods require encoding candidate words according t...

Updated rust packages fix security vulnerability

The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...

MGASA-2025-0136 Updated rust packages fix security vulnerability

The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary...

gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

...

CVE-2025-3327

A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely...

iboot 安全漏洞

iboot is a general-purpose IoT gateway, industrial IoT gateway system by iteaj individual developer. A security vulnerability exists in iboot version 1.1.3, which stems from the mishandling of the parameter File in the file upload component /common/upload/batch, which could lead to a cross-site...

BIT-JOOMLA-2020-8419

An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities...

com.navercorp.pinpoint:pinpoint-batch (>=3.0.0 <=3.0.5), com.navercorp.pinpoint:pinpoint-collector-starter (>=3.0.0 <=3.0.5) +65 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-common (>=0.1.0 <=1.2.0)

org.apache.pinot:pinot-common MAVEN version =0.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1, =3.0.1, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2024.4.0, =2025.1.1 and more Source cves: CVE-2024-56325 Source advisory: OSV:GHSA-6JWP-4WVJ-6597...

Exploit for CVE-2025-30208

CVE-2025-30208 Detection Tool Vulnerability Analysis Vite...

This Week in Spring - March 25th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I’m in Portland, OR, then I'm off to Austin, TX for the Arc of AI show, and then I'm off to Amsterdam for Voxxed Days Amsterdam! If you're around, be sure to say hi! There's a ton of cool stuff to look at, so witho...

GHSA-P6X3-V6G3-7557 Aim Relative Path Traversal vulnerability

A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...

Relative Path Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Relative Path Traversal through the runs/delete-batch endpoint. An attacker can delete arbitrary files or directories, potentially causing denial of service or data...

Aim 安全漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.19.3, which stems from unmitigated path traversal in the runs/delete-batch endpoint, and could lead to arbitrary file or directory deletion...

Arcane stealer: We want all your data

At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What's intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813-Exploit Apache Tomcat Remote Code Execution RC...

SUSE CVE-2025-21865

In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtpnetexitbatchrtnl. Brad Spengler reported the listdel corruption splat in gtpnetexitbatchrtnl. 0 Commit eb28fd76c0a0 "gtp: Destroy device along with udp socket's netns dismantle." added th...

DEBIAN-CVE-2025-21865

In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtpnetexitbatchrtnl. Brad Spengler reported the listdel corruption splat in gtpnetexitbatchrtnl. 0 Commit eb28fd76c0a0 "gtp: Destroy device along with udp socket's netns dismantle." added th...

CVE-2025-21865 gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtpnetexitbatchrtnl. Brad Spengler reported the listdel corruption splat in gtpnetexitbatchrtnl. 0 Commit eb28fd76c0a0 "gtp: Destroy device along with udp socket's netns dismantle." added th...

PT-2025-35718

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's netfilter module related to handling duplicate devices during netfilter table updates. Specifically, a chain or flowtable update may proceed with...