SUSE CVE-2023-53860
In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection. dm looks up the table for IO based on the request type, with an assumption that if the request is marked REQ_NOWAIT, it's fine to attempt to submit that IO while under RCU read lo...
EUVD-2023-60136
In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection. dm looks up the table for IO based on the request type, with an assumption that if the request is marked REQ_NOWAIT, it's fine to attempt to submit that IO while under RCU read lo...
CVE-2025-41694
A low-privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...
2025 in Review: A Year of Smarter, Context-Aware API Security
As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly, for the businesses we protect. If 2024 was about laying the groundwork tracking API sessions to understand behavioral attacks, then 2025 was the year we built up...
UBUNTU-CVE-2025-40238
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device. When we do mlx5e_detach_netdev we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sur...
IoTEdu: Access Control, Detection, and Automatic Incident Response in Academic IoT Networks
The growing presence of IoT devices in academic environments has increased operational complexity and exposed security weaknesses, especially in academic institutions without unified policies for registration, monitoring, and incident response involving IoT. This work presents IoTEdu, an integrat...
Paris, The Thinker, and why your WAF should block XSS by default
With Thales HQ in Paris, it felt right to detour to the Musée Rodin and stand before The Thinker, the bronze giant by Auguste Rodin whose clenched posture and chin-in-hand stance have become a universal symbol of deep judgment. Conceived for The Gates of Hell in 1880 and first cast monumentally i...
vLLM Security Vulnerability
vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. A security vulnerability exists in vLLM version 0.5.5 through versions prior to 0.11.1, which stems from insufficient validation of the `chat_template_kwargs` parameter, and may result in API...
GHSA-69J4-GRXJ-J64P vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
Summary: The /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the right `chat_template_kwargs` parameters, it is possible to block processing of the API server for long...
PT-2025-47650
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.5.5 through 0.11.0. Description: vLLM is an inference and serving engine for large language models (LLMs). The /v1/chat/completions and /tokenize API endpoints accept a `chat_template_kwargs` request parameter that is not properly...
EUVD-2025-179183
Malicious code in electron-builder-kaus-non-blocking-europa npm...
EUVD-2025-178462
Malicious code in ichnology-eventhoriz-grus-non-blocking npm...
EUVD-2025-179883
Malicious code in capella-non-blocking-avior-jabbah npm...
EUVD-2025-178836
Malicious code in framework-release-it-fornax-non-blocking npm...
EUVD-2025-178557
Malicious code in helmet-pegasus-non-blocking-phoebe npm...
EUVD-2025-177542
Malicious code in non-blocking-miranda-gridsome-cosmicray npm...
EUVD-2025-177492
Malicious code in octans-non-blocking-repository-cosmiconfig npm...
EUVD-2025-175490
Malicious code in xerxes-non-blocking-baryon-solarnebula npm...
MAL-2025-186377 Malicious code in cross-env-atlas-non-blocking-eslint (npm)
Source: amazon-inspector c136167139e7da8f2dfa597abcb7ee932a4d5968c1f94382ea87cc5b9e43128d. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-190386 Malicious code in xerxes-non-blocking-baryon-solarnebula (npm)
Source: amazon-inspector 2ae2eb9332acb82fd3f4234327e07742b0664e9628b1ba566bae6f2422fb622e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...