
19 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 7 views

PT-2026-38290

Name of the Vulnerable Software and Affected Versions: dssrf versions prior to 1.3.0. Description: A flaw in the library allows attackers to bypass Server-Side Request Forgery (SSRF) protections by using various IPv6 address categories. This occurs because the is url safe function fails to properly...

8.7 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 4

Wired Threat Level
added 2026/01/12 10:11 p.m., 4 views

FBI Agent’s Sworn Testimony Contradicts Claims ICE’s Jonathan Ross Made Under Oath

The testimony also calls into question whether Ross failed to follow his training during the incident in which he reportedly shot and killed Minnesota citizen Renee Good...

7 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-30436

Malicious code in bioql PyPI...

6.1 CVSS, 6.6 AI score, 0.00195 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:22 p.m., 26 views

CVE-2020-25790

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being...

7.2 CVSS, 7.8 AI score, 0.42219 EPSS
Exploits: 3

BDU FSTEC
added 2024/10/18 12:0 a.m., 1 view

The vulnerability of the sqlo_preds_contradiction component in the Virtuoso-opensource web application development platform allows an attacker to trigger a service failure.

The vulnerability of the sqlo_preds_contradiction component in the Virtuoso-opensource web application development platform is related to the improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using special...

7.8 CVSS, 7.3 AI score, 0.00083 EPSS
Exploits: 1, References: 5, Affected Software: 3

Github Security Blog
added 2024/08/15 9:46 p.m., 35 views

Gateway API route matching order contradicts specification

Impact: Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...

4.3 CVSS, 6.3 AI score, 0.01804 EPSS
Exploits: 0, References: 7, Affected Software: 1

Cvelist
added 2024/08/15 8:26 p.m., 15 views

CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4 CVSS, 0.01804 EPSS
Exploits: 0, References: 3

NVD
added 2024/04/16 9:15 a.m., 9 views

CVE-2024-32634

In huge memory get unmapped area check, code can never be reached because of a logical contradiction...

6.1 CVSS, 6.4 AI score, 0.00195 EPSS
Exploits: 0, References: 1

OSV
added 2024/04/16 9:15 a.m., 0 views

CVE-2024-32634

In huge memory get unmapped area check, code can never be reached because of a logical contradiction...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

Vulnrichment
added 2024/04/16 8:57 a.m., 14 views

CVE-2024-32634 Logically dead code

In huge memory get unmapped area check, code can never be reached because of a logical contradiction...

6.1 CVSS, 7.1 AI score, 0.00195 EPSS
Exploits: 0, References: 1

CVE
added 2024/04/16 8:57 a.m., 53 views

CVE-2024-32634

CVE-2024-32634 is described as a logic contradiction in the huge memory unmapped area check that makes a code path dead/unreachable. Connected sources tie this to Asrmicro ASR180x series chips (CNNVD) and reiterate the issue as a logical dead-code condition (PT-Security). There is no publicly doc...

6.1 CVSS, 7 AI score, 0.00195 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2024/04/16 12:0 a.m., 3 views

PT-2024-24734

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a logical contradiction in the code for checking unmapped areas in huge memory, which results in a section of code that can never ...

6.1 CVSS, 6.7 AI score, 0.00195 EPSS
Exploits: 0, References: 4

OSV
added 2024/03/04 6:15 p.m., 4 views

CVE-2021-47092

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...

5.5 CVSS, 6.6 AI score
Exploits: 0, References: 2

Code423n4
added 2023/09/06 12:0 a.m., 8 views

quorum and quota calculation logic is flawed

Lines of code Vulnerability details Impact quorum and quota calculation logic is flawed Proof of Concept votes to be valid, and if the poll passed or failed. At the time of writing, then QUORUM value is 33% of active stake, and the QUOTA is 50%, meaning that as long as 1/3rd of active stake votes...

6.8 AI score
Exploits: 0

Code423n4
added 2023/07/14 12:0 a.m., 19 views

Adding balance to accumulator does not depend on the current drawId, while documentation says it does

Lines of code Vulnerability details Impact In documentation protocol states that : To compute the allocated contribution for a draw d we'd compute the integral of curve cd=−t∗lnα∗α^d from lastdraw dold to dnew, and which is equal to −t∗ α^dold + t∗ α^dnew. Which clearly shows that contribution on...

6.8 AI score
Exploits: 0

OSV
added 2023/05/15 3:15 p.m., 1 view

DEBIAN-CVE-2023-31631

An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS, 7.5 AI score, 0.00083 EPSS
Exploits: 1, References: 1

CNNVD
added 2023/05/15 12:0 a.m., 2 views

Virtuoso Open-Source Edition SQL injection vulnerability

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform from OpenLink Software open source. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.9, which...

7.5 CVSS, 7.2 AI score, 0.00083 EPSS
Exploits: 1, References: 3

Packet Storm
added 2021/05/18 12:0 a.m., 189 views

Microsoft ACL Shortcomings

Hi @ll, the following is a substantially shortened version of and Windows NT supports access control for almost all its objects, "How Security Descriptors and Access Control Lists Work" and "How Permissions Work" provide a comprehensive and exhaustive explanation. "Access Control Lists" provides ...

7.4 AI score
Exploits: 0

CVE
added 2020/09/19 8:31 p.m., 80 views

CVE-2020-25790

Summary: CVE-2020-25790 affects Typesetter CMS 5.x through 5.1. A ZIP upload feature allows an admin to place a PHP file inside the archive and, after extraction, execute the code, leading to arbitrary code execution. Root cause: uploaded ZIP contents can be executed via the web interface, confli...

7.2 CVSS, 7.3 AI score, 0.42219 EPSS
Exploits: 3, References: 4, Affected Software: 1