940 matches found
EUVD-2025-21796
Malicious code in bioql PyPI...
EUVD-2024-0257
Malicious code in bioql PyPI...
EUVD-2025-18136
Malicious code in bioql PyPI...
EUVD-2022-7146
Malicious code in bioql PyPI...
EUVD-2024-1647
Malicious code in bioql PyPI...
EUVD-2023-32978
Malicious code in bioql PyPI...
PT-2025-40477
Name of the Vulnerable Software and Affected Versions: Schema Plugin For Divi, Gutenberg & Shortcodes versions prior to 4.3.2. Description: The Schema Plugin For Divi, Gutenberg & Shortcodes for WordPress is susceptible to Object Instantiation up to version 4.3.2 through deserialization of untrusted...
LegalSim: Multi-Agent Simulation of Legal Systems for Discovering Procedural Exploits
We present LegalSim, a modular multi-agent simulation of adversarial legal proceedings that explores how AI systems can exploit procedural weaknesses in codified rules. Plaintiff and defendant agents choose from a constrained action space, for example, discovery requests, motions, meet-and-confer,...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: gcp-compute-persistent-disk-csi-driver, caddy, cerbos, guac, cni-plugins, yunikorn-k8shim, fulcio, spark-operator, consul-k8s, falcoctl, k8sgateway, nri-f5, kubernetes-dashboard-auth, cilium-cli, gatekeeper, nova, wgcf, ko, harbor, migrate, tkn, grafana-alloy, dex,...
CVE-2025-47910 vulnerabilities
Vulnerabilities for packages: trivy, kapp, contour, kuberlr, caddy, fulcio, ko, nuclei, docker-credential-gcr, cloud-provider-gcp-cloud-controller-manager, terraform-provider-azapi, gcp-compute-persistent-disk-csi-driver, portieris, kube-bench, opa, ipfs-cluster, docker-machine-driver-harvester,...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: trivy, kapp, contour, kuberlr, caddy, fulcio, ko, nuclei, docker-credential-gcr, cloud-provider-gcp-cloud-controller-manager, terraform-provider-azapi, gcp-compute-persistent-disk-csi-driver, portieris, kube-bench, opa, ipfs-cluster, docker-machine-driver-harvester,...
A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster
The UK-based automaker has been forced to stop vehicle production as a result of the attack—costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers...
UBUNTU-CVE-2025-39848
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv(). Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before...
CVE-2025-39848 ax25: properly unshare skbs in ax25_kiss_rcv()
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv(). Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before...
Vivaldi 7.6: customize everything and rule your tabs
Make the Tab Bar yours. Your browser belongs to you. Hence, it must be able to reflect you. Vivaldi is the most customizable browser available, and with our latest update, 7.6, we’re turning customization all the way up to 11. The Tab Bar is where your browsing comes to life, so it's integral that...
gadgetinspector
This is a Java-based tool for finding deserialization gadget chains in Java applications. The tool is called "Gadget Inspector" and is presented as a project that was showcased at Black Hat USA 2018. The tool is designed to automatically discover possible gadget chains in an application's...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...
ysoserial
This is a Java-based proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, named ysoserial, is designed to create gadgets that can be used to execute arbitrary commands on a vulnerable application. The gadgets are created by wrapping a...
Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax
CVE-2019-18935-exploit-study In-depth study of...
GHSA-RPW8-82V9-3Q87 Fides' Admin UI User Password Change Does Not Invalidate Current Session
Summary: Admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS can maintain access even after password reset. This issue is not directly...