146 matches found
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007029)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007029 advisory. In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as...
jsrsasign 安全漏洞
jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign from 7.0.0 to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from incomplete comparisons in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions located...
H3 安全漏洞
H3 is an open-source HTTP framework developed by H3. Versions of H3 from 2.0.1-beta.0 to 2.0.0-rc.8 contain security vulnerabilities. These vulnerabilities stem from the use of insecure string comparisons in the requireBasicAuth function, which may lead to timing side-channel attacks...
Security Assessment and Mitigation Strategies for Large Language Models: A Comprehensive Defensive Framework
Large Language Models increasingly power critical infrastructure from healthcare to finance, yet their vulnerability to adversarial manipulation threatens system integrity and user safety. Despite growing deployment, no comprehensive comparative security assessment exists across major LLM...
NocoDB 安全漏洞
NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 contained a security vulnerability. This vulnerability stemmed from storing shared view passwords as...
Evaluating and Enhancing the Vulnerability Reasoning Capabilities of Large Language Models
Large Language Models LLMs have demonstrated remarkable proficiency in vulnerability detection. However, a critical reliability gap persists: models frequently yield correct detection verdicts based on hallucinated logic or superficial patterns that deviate from the actual root cause. This...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the BPF validator incorrectly disabling pointer comparisons...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from mpicmpui not handling zero-value comparisons correctly, which could lead to a null pointer dereference...
TeleAI-Safety: A Comprehensive LLM Jailbreaking Benchmark Towards Attacks, Defenses, and Evaluations
While the deployment of large language models LLMs in high-value industries continues to expand, the systematic assessment of their safety against jailbreak and prompt-based attacks remains insufficient. Existing safety evaluation benchmarks and frameworks are often limited by an imbalanced...
JLSEC-2025-324 A flaw was found in rsync which could be triggered when rsync compares file checksums
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
Timing Attack
Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...
EUVD-2025-34730
Mattermost has an Observable Timing Discrepancy vulnerability...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
EUVD-2012-0527
Malware in sbrugna...
EUVD-2018-3837
Malware in sbrugna...
EUVD-2015-7516
Malware in sbrugna...
EUVD-2017-16783
Malware in sbrugna...
EUVD-2013-4875
Malware in sbrugna...
EUVD-2019-19249
Malware in sbrugna...