node-forge 安全漏洞

node-forge is a software application. A WebJar for node-forge. A security vulnerability exists in node-forge 1.3.1 and earlier versions, which stems from uncontrolled recursion and could lead to a denial of service triggered by a remote, unauthenticated attacker via a deep ASN.1 structure...

PT-2025-48202

Name of the Vulnerable Software and Affected Versions node-forge versions 1.3.1 and below Description An uncontrolled recursion issue exists in node-forge, a native implementation of Transport Layer Security in JavaScript. The issue allows remote, unauthenticated attackers to create complex ASN.1...

@cycle-mega-driver/database (>=0.2.1 <=0.3.2), @fluidnotions/rx-pouch (>=0.6.7 <=0.6.8) +2 more potentially affected by unknown CVE via flatten-unflatten (=1.0.0)

flatten-unflatten NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flatten-unflatten and may be impacted: - @cycle-mega-driver/database =0.2.1, =0.6.7, =1.0.0, =0.3.0, =0.6.9 Source cves: unknown CVE Source advisory: OSV:MAL-2025-1910...

@cycle-mega-driver/database (>=0.2.1 <=0.3.2), @fluidnotions/rx-pouch (>=0.6.7 <=0.6.8) +3 more potentially affected by unknown CVE via set-nested-prop (=2.0.0)

set-nested-prop NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-nested-prop and may be impacted: - @cycle-mega-driver/database =0.2.1, =0.6.7, =1.0.0, =0.3.0, =0.6.9 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191010...

@cycle-mega-driver/database (>=0.2.1 <=0.3.2), @fluidnotions/rx-pouch (>=0.6.7 <=0.6.8) +2 more potentially affected by unknown CVE via flatten-unflatten (=1.0.0)

flatten-unflatten NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flatten-unflatten and may be impacted: - @cycle-mega-driver/database =0.2.1, =0.6.7, =1.0.0, =0.3.0, =0.6.9 Source cves: unknown CVE Source advisory:...

A Novel and Practical Universal Adversarial Perturbations against Deep Reinforcement Learning Based Intrusion Detection Systems

Intrusion Detection Systems IDS play a vital role in defending modern cyber physical systems against increasingly sophisticated cyber threats. Deep Reinforcement Learning-based IDS, have shown promise due to their adaptive and generalization capabilities. However, recent studies reveal their...

Systematically Deconstructing APVD Steganography and Its Payload with a Unified Deep Learning Paradigm

In the era of digital communication, steganography allows covert embedding of data within media files. Adaptive Pixel Value Differencing APVD is a steganographic method valued for its high embedding capacity and invisibility, posing challenges for traditional steganalysis. This paper proposes a...

TencentOS Server 3: nodejs:20 (TSSA-2024:0765)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0765 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RampoNN: A Reachability-Guided System Falsification for Efficient Cyber-Kinetic Vulnerability Detection

Detecting kinetic vulnerabilities in Cyber-Physical Systems CPS, vulnerabilities in control code that can precipitate hazardous physical consequences, is a critical challenge. This task is complicated by the need to analyze the intricate coupling between complex software behavior and the system's...

Exploring AI in Steganography and Steganalysis: Trends, Clusters, and Sustainable Development Potential

Steganography and steganalysis are strongly related subjects of information security. Over the past decade, many powerful and efficient artificial intelligence AI - driven techniques have been designed and presented during research into steganography as well as steganalysis. This study presents a...

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2025-52999

Summary IBM Business Automation Workflow Case documentation in before 25.0.0 built upon a version of DITA, which packages a vulnerable copy of jackson-core. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator...

Adaptive Intrusion Detection for Evolving RPL IoT Attacks Using Incremental Learning

The routing protocol for low-power and lossy networks RPL has become the de facto routing standard for resource-constrained IoT systems, but its lightweight design exposes critical vulnerabilities to a wide range of routing-layer attacks such as hello flood, decreased rank, and version number...

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2022-25313)

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

EUVD-2025-100121

Malicious code in deepmousez3n npm...

Malicious code in deep_mouse_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b27ddd39a385a54c537ff3bf355d61713507d1d7b87755de26dc828ab3625a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-77142

Malicious code in deepdragonfly-apptea npm...

Malicious code in deep_cicada_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ae6b14165d16889ff6bcc1f138693e1ff909f8be81118c345645660eefe90a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-86640

Malicious code in deepparakeetz3n npm...

Malicious code in deep_moth_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f354db9a6cc466cec0c7181b13efe583d5f7bd8fcbca695bcda293450074ace This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-84331 Malicious code in deep_moth_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f354db9a6cc466cec0c7181b13efe583d5f7bd8fcbca695bcda293450074ace This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...