3386 matches found
EUVD-2022-35019
Malicious code in bioql PyPI...
EUVD-2022-5023
Malicious code in bioql PyPI...
EUVD-2022-1994
Malicious code in bioql PyPI...
EUVD-2025-13027
Malicious code in bioql PyPI...
EUVD-2025-25100
Malicious code in bioql PyPI...
EUVD-2025-26789
Malicious code in bioql PyPI...
EUVD-2025-31700
Malicious code in bioql PyPI...
BIT-MONGODB-2024-10921 Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30, MongoDB Server v6.0 versions prior to...
CVE-2025-39913
In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. syzbot reported the splat below. [0] The repro does the following: 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes) 2. Attach the prog to a...
Evaluating the Robustness of a Production Malware Detection System to Transferable Adversarial Attacks
As deep learning models become widely deployed as components within larger production systems, their individual shortcomings can create system-level vulnerabilities with real-world impact. This paper studies how adversarial attacks targeting an ML component can degrade or bypass an entire...
SUSE SLES15 / openSUSE 15 Security Update : nginx (SUSE-SU-2025:03444-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03444-1 advisory. - CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process bsc1248070. ...
Windows Shortcut (LNK) Padding
This module generates a Windows LNK shortcut file that can execute arbitrary commands. The LNK file uses environment variables and executes its arguments from COMMAND_LINE_ARGUMENTS with extra juicy whitespace character padding bytes and concatenates the actual payload. Module Options msf use...
CVE-2023-53463 ibmvnic: Do not reset dql stats on NON_FATAL err
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NON_FATAL err All ibmvnic resets, make a call to netdev_tx_reset_queue() when re-opening the device. netdev_tx_reset_queue() resets the num_queued and num_completed byte counters. These stats are used in Byt...
CVE-2025-39913 tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.
In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. syzbot reported the splat below. [0] The repro does the following: 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes) 2. Attach the prog to a...
Suricata code issue vulnerability
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A code issue vulnerability exists in Suricata version 8.0.0 that stems from the use of the tls.subjectaltname keyword when decoding subjectaltname to contain null bytes, which could lead to a segmentation...
@nubosoftware/node-static failure to catch exception can result in server crash
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CVE-2025-11149
CVE-2025-11149 affects all versions of node-static and @nubosoftware/node-static. The root issue is that the package fails to catch an exception when user input contains null bytes, allowing an attacker to access the URL http://host/%00 and cause a server crash. The connected Nessus/Red Hat/GHSA/...
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CLSA-2025-1758744098 gimp: Fix of CVE-2025-48797
CVE-2025-48797: fix TGA loader buffer overflows by validating colormap alpha, color IDs, bytes-per-pixel, and limiting error messages...
PT-2025-38881
Name of the Vulnerable Software and Affected Versions: WP Compiler versions through 1.0.0. Description: A Cross-Site Request Forgery (CSRF) issue exists in WP Compiler. This allows attackers to perform actions on behalf of an unsuspecting user. Recommendations: At the moment, there is no information...