Lucene search

2427 matches found

Tenable Nessus
added 2025/12/18 12:0 a.m., 3 views

EulerOS Virtualization 2.13.0 : polkit (EulerOS-SA-2025-2593)

According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be...

CVSS 6.7 | AI score 6.4 | EPSS 0.00034
Exploits: 0 | References: 2
CVE
added 2025/12/16 12:42 a.m., 11 views

CVE-2025-67744

DeepChat prior to 0.5.3 is affected by a Mermaid diagram rendering vulnerability that allows arbitrary JavaScript execution. The issue arises from the Electron IPC renderer being exposed to the DOM, enabling a Cross-Site Scripting (XSS) flaw that can escalate to Remote Code Execution (RCE) and al...

CVSS 9.6 | AI score 6.5 | EPSS 0.00261
Exploits: 1 | References: 2 | Affected Software: 1
Packet Storm News
added 2025/12/16 12:0 a.m., 2 views

SeBERTis: A Framework for Producing Classifiers of Security-Related Issue Reports

Monitoring issue tracker submissions is a crucial software maintenance activity. A key goal is the prioritization of high risk, security-related bugs. If such bugs can be recognized early, the risk of propagation to dependent products and endangerment of stakeholder benefits can be mitigated. To...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/12/14 12:0 a.m., 4 views

SHERLOCK: A Deep Learning Approach to Detect Software Vulnerabilities

The increasing reliance on software in various applications has made the problem of software vulnerability detection more critical. Software vulnerabilities can lead to security breaches, data theft, and other negative outcomes. Traditional software vulnerability detection techniques, such as...

AI score 7.4
Exploits: 0
EUVD
added 2025/12/12 9:31 p.m., 2 views

EUVD-2025-203121

Vuetify has a Prototype Pollution vulnerability...

CVSS 8.6 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 4
Snyk
added 2025/12/12 7:45 p.m., 3 views

Prototype Pollution

Overview: org.webjars.npm:vuetify is a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript...

CVSS 8.8 | AI score 6.7 | EPSS 0.002
Exploits: 0 | References: 2
Cvelist
added 2025/12/12 7:29 p.m., 19 views

CVE-2025-8083 Vuetify Prototype Pollution via Preset options

The Preset configuration (https://v2.vuetifyjs.com/en/features/presets) feature of Vuetify is vulnerable to Prototype Pollution (https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html) due to the internal 'mergeDeep' utility function used to merge options with...

CVSS 8.6 | EPSS 0.002
Exploits: 0 | References: 2
CVE
added 2025/12/12 7:29 p.m., 7 views

CVE-2025-8083

Vuetify CVE-2025-8083 is a Prototype Pollution flaw in the Preset configuration feature via internal mergeDeep when merging malicious presets. Affected: Vuetify >=2.2.0-beta.2 and

CVSS 8.6 | AI score 6.4 | EPSS 0.002
Exploits: 0 | References: 2
Packet Storm
added 2025/12/10 12:0 a.m., 206 views

Palo Alto Deep Packet Inspection Information Disclosure

Proof of concept code for Palo Alto deep packet inspection data exfiltration issues that appear to affect PanOS up to version 11.2.0...

AI score 7.2
Exploits: 0
OSV
added 2025/12/09 5:11 p.m., 3 views

GHSA-HXJ9-33PP-J2CC Elysia vulnerable to prototype pollution with multiple standalone schema validation

Prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the `__proto__` prop to be merged. When combined with GHSA-8vch-m3f4-q8jf...

CVSS 9.1 | AI score 5.9 | EPSS 0.00249
Exploits: 2 | References: 8
Github Security Blog
added 2025/12/09 5:11 p.m., 9 views

Elysia vulnerable to prototype pollution with multiple standalone schema validation

Prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the `__proto__` prop to be merged. When combined with GHSA-8vch-m3f4-q8jf...

CVSS 9.8 | AI score 6.7 | EPSS 0.00249
Exploits: 1 | References: 8 | Affected Software: 1
Wiz blog
added 2025/12/08 5:18 p.m., 7 views

React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182

We break down the exploit mechanics and detail active in-the-wild attacks observed by our team, from credential harvesting to sophisticated cloud backdoors...

CVSS 10 | AI score 6.9 | EPSS 0.84541
Exploits: 361
Packet Storm News
added 2025/12/07 12:0 a.m., 3 views

Deep Reinforcement Learning for Phishing Detection with Transformer-Based Semantic Features

Phishing is a cybercrime in which individuals are deceived into revealing personal information, often resulting in financial loss. These attacks commonly occur through fraudulent messages, misleading advertisements, and compromised legitimate websites. This study proposes a Quantile Regression De...

AI score 6.8
Exploits: 0
Packet Storm News
added 2025/12/07 12:0 a.m., 8 views

Hyperflex: A SIMD-Based DFA Model for Deep Packet Inspection

Deep Packet Inspection (DPI) has been extensively employed for network security. It examines traffic payloads by searching for regular expressions (regex) with the Deterministic Finite Automaton (DFA) model. However, as the network bandwidth and ruleset size are increasing rapidly, the conventional DFA...

AI score 6.8
Exploits: 0
RedHat Linux
added 2025/12/04 11:12 p.m., 1 views

libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

CVSS 7.5 | AI score 7.4 | EPSS 0.00803
Exploits: 0 | References: 6
OSV
added 2025/12/03 7:15 p.m., 1 views

DEBIAN-CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS 5.3 | AI score 7.3 | EPSS 0.00128
Exploits: 0 | References: 1
CVE
added 2025/12/03 6:55 p.m., 85 views

CVE-2025-12084

CVE-2025-12084 affects Python’s xml.dom.minidom when building nested elements via methods like appendChild() that rely on _clear_id_cache(); the algorithm becomes quadratic, potentially impacting availability under heavily nested documents. Connected advisories confirm a patch exists across multi...

CVSS 6.3 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 14 | Affected Software: 1
Vulnrichment
added 2025/12/03 6:55 p.m., 1 views

CVE-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS 6.3 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 14
Snyk
added 2025/12/02 6:45 a.m., 16 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to...

CVSS 8.7 | AI score 7.5 | EPSS 0.10881
Exploits: 0 | References: 4
EUVD
added 2025/12/01 12:30 p.m., 2 views

EUVD-2025-199979

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

CVSS 7.5 | AI score 6.7 | EPSS 0.0024
Exploits: 2 | References: 3