300 matches found
CVE-2025-11915 HTTP Desynchronisation in Vertex AI for certain third-party models
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...
PT-2025-43062
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-09-28. Description: A desynchronization issue exists between an HTTP proxy and the model backend. This affects communication within the model backend. Approximately 10,000 devices worldwide are potentially affected. The...
CVE-2025-62518
Vulnerability CVE-2025-62518 affects astral-tokio-tar
CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
astral-tokio-tar Vulnerable to PAX Header Desynchronization
Summary: Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser...
GHSA-J5GW-2VRG-8FGX astral-tokio-tar Vulnerable to PAX Header Desynchronization
Summary: Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser...
RUSTSEC-2025-0110 astral-tokio-tar Vulnerable to PAX Header Desynchronization
Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrect...
EUVD-2019-19216
Malware in sbrugna...
Unity Linux 20.1070e Security Update: varnish (UTSA-2025-684696)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-684696 advisory. Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product...
Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987456)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987456 advisory. In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTT...
EUVD-2023-2030
Malicious code in bioql PyPI...
EUVD-2024-20834
Malicious code in bioql PyPI...
EUVD-2023-33089
Malicious code in bioql PyPI...
EUVD-2025-26799
Malicious code in bioql PyPI...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
Microsoft Windows Defender Application Control Security Vulnerability
Microsoft Windows Defender Application Control (WDAC) is a security tool from Microsoft Corporation (USA) that restricts the operation of programs at the software level by configuring policies to reduce the scope of what hackers can attack. A security vulnerability exists in Microsoft Windows Defende...
CVE-2025-48556
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...