
3635 matches found

Positive Technologies
added 2025/05/09 12:0 a.m. · 3 views

PT-2025-20458 · Microsoft +2 · Comctl32.Dll +21

Name of the Vulnerable Software and Affected Versions: Patch My PC Home Updater versions up to 5.1.3.0 Description: A critical issue affects some unknown processing in various system libraries, including advapi32.dll, BCrypt.dll, comctl32.dll, crypt32.dll, dwmapi.dll, gdi32.dll, gdiplus.dll,...

CVSS 7.3 · AI score 6.7 · EPSS 0.0022
Exploits 0 · References 13
Packet Storm News
added 2025/05/09 12:0 a.m. · 2 views

Comparing Classical and Quantum Conditional Disclosure of Secrets

The conditional disclosure of secrets (CDS) setting is among the most basic primitives studied in information-theoretic cryptography. Motivated by a connection to non-local quantum computation and position-based cryptography, CDS with quantum resources has recently been considered. Here, we study t...

AI score 6.4
Exploits 0
RedhatCVE
added 2025/05/07 11:1 a.m. · 25 views

CVE-2025-4272

A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation...

CVSS 7.3 · AI score 6.8 · EPSS 0.00157
Exploits 0 · References 1
Cvelist
added 2025/05/05 11:0 a.m. · 25 views

CVE-2025-4272 Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path

A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation...

CVSS 7.3 · EPSS 0.00157
Exploits 0 · References 5
Vulnrichment
added 2025/05/05 11:0 a.m. · 19 views

CVE-2025-4272 Mechrevo Control Console GCUService csCAPI.dll uncontrolled search path

A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation...

CVSS 7.3 · AI score 6.9 · EPSS 0.00157
Exploits 0 · References 5
RedhatCVE
added 2025/05/04 8:58 p.m. · 12 views

CVE-2025-4215

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

CVSS 3.1 · AI score 6.9 · EPSS 0.00548
Exploits 1 · References 8
NVD
added 2025/05/02 9:15 p.m. · 13 views

CVE-2025-4215

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

CVSS 3.7 · EPSS 0.00548
Exploits 1 · References 6
CVE
added 2025/05/02 8:31 p.m. · 73 views

CVE-2025-4215

CVE-2025-4215 affects gorhill uBlock Origin up to 1.63.3b16, specifically the UI function currentStateChanged in src/js/1p-filters.js. The issue is described as an inefficient regular expression pattern used in filters, which can be triggered remotely and carries a relatively high attack complexi...

CVSS 3.7 · AI score 4 · EPSS 0.00548
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2025/05/02 8:31 p.m. · 29 views

CVE-2025-4215 gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

CVSS 3.1 · EPSS 0.00548
Exploits 1 · References 5
IBM Security Bulletins
added 2025/05/01 2:1 p.m. · 6 views

Security Bulletin: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing, affects watsonx.data

Summary An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...

CVSS 5.3 · AI score 7 · EPSS 0.00856
Exploits 0 · Affected Software 1
Cvelist
added 2025/04/30 12:24 a.m. · 29 views

CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

CVSS 6.5 · EPSS 0.00426
Exploits 1 · References 2
RedhatCVE
added 2025/04/29 9:13 p.m. · 19 views

CVE-2025-3985

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

CVSS 5.1 · AI score 6.8 · EPSS 0.00502
Exploits 0 · References 1
Github Security Blog
added 2025/04/29 4:43 p.m. · 18 views

phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the...

CVSS 7.5 · AI score 6.9 · EPSS 0.00426
Exploits 1 · References 4 · Affected Software 1
OSV
added 2025/04/29 4:43 p.m. · 2 views

GHSA-VC6M-HM49-G9QG phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00426
Exploits 1 · References 4
Github Security Blog
added 2025/04/28 9:30 p.m. · 9 views

AWorld OS Command Injection vulnerability

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...

CVSS 8.1 · AI score 7.1 · EPSS 0.03164
Exploits 1 · References 8 · Affected Software 1
OSV
added 2025/04/28 9:30 p.m. · 6 views

GHSA-JMJF-MFHM-J3GF AWorld OS Command Injection vulnerability

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...

CVSS 5 · AI score 7.1 · EPSS 0.03164
Exploits 1 · References 8
NVD
added 2025/04/28 7:15 p.m. · 9 views

CVE-2025-4032

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...

CVSS 8.1 · EPSS 0.03164
Exploits 1 · References 6
CVE
added 2025/04/28 6:31 p.m. · 55 views

CVE-2025-4032

CVE-2025-4032 affects inclusionAI AWorld, specifically the shell_tool.py component where subprocess.run/subprocess.Popen can lead to OS command injection. The vulnerability is exploitable remotely; exploitation is considered difficult with high complexity across multiple CVSS sources. Affected co...

CVSS 8.1 · AI score 5.6 · EPSS 0.03164
Exploits 1 · References 6 · Affected Software 1
Packet Storm News
added 2025/04/28 12:0 a.m. · 3 views

Leveraging LLM to Strengthen ML-Based Cross-Site Scripting Detection

According to the Open Web Application Security Project (OWASP), Cross-Site Scripting (XSS) is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed various techniques to protect systems from XSS attacks, with...

AI score 6.1
Exploits 0
Github Security Blog
added 2025/04/27 9:34 p.m. · 13 views

Apereo CAS has inefficient regular expression complexity

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

CVSS 7.5 · AI score 6.8 · EPSS 0.00496
Exploits 0 · References 6 · Affected Software 1