378 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-2282

Malware in sbrugna...

CVSS: 5.8 | AI score: 9.2 | EPSS: 0.00383
Exploits: 1 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-20213

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0026
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-49886

Malicious code in bioql PyPI...

CVSS: 3.3 | AI score: 4.2 | EPSS: 0.00087
Exploits: 1 | References: 1
Vulnrichment
added 2025/10/02 9:25 a.m. | 1 view

CVE-2025-54291 Project existence disclosure in LXD images API

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00109
Exploits: 1 | References: 1
Cvelist
added 2025/10/02 9:25 a.m. | 5 views

CVE-2025-54291 Project existence disclosure in LXD images API

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

CVSS: 6.9 | EPSS: 0.00109
Exploits: 1 | References: 1
Packet Storm News
added 2025/09/23 12:0 a.m. | 2 views

Semantic-Aware Fuzzing: an Empirical Framework for LLM-Guided, Reasoning-Driven Input Mutation

Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers -- while effectively exploring code paths -- primarily perform byte- or bit-level edits without semantic reasoning. Coverage-guided tools such as AFL+...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2025/09/18 9:59 a.m. | 3 views

Age verification and parental controls coming to ChatGPT to protect teens

OpenAI is going to try and predict the ages of its users to protect them better, as stories of AI-induced harms in children mount. The company, which runs the popular ChatGPT AI, is working on what it calls a long-term system to determine whether users are over 18. If it can't verify that a user ...

AI score: 7.4
Exploits: 0
Vulnrichment
added 2025/09/03 2:25 p.m. | 1 view

CVE-2025-9824 User Enumeration via Response Timing

Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.00076
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-15575

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00717
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-7438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00129
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-16394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.56735
Exploits: 2 | References: 2
Tenable Nessus
added 2025/08/22 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-5981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00844
Exploits: 0 | References: 2
Packet Storm News
added 2025/08/19 12:0 a.m. | 2 views

Conflicting Scores, Confusing Signals: an Empirical Study of Vulnerability Scoring Systems

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent prioritization decisions. This work provides the first...

AI score: 7
Exploits: 0
OSV
added 2025/08/11 1:53 p.m. | 2 views

BIT-LIBPYTHON-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS: 6.3 | AI score: 7 | EPSS: 0.01639
Exploits: 0 | References: 12
CVE
added 2025/08/09 2:0 a.m. | 23 views

CVE-2025-54999

CVE-2025-54999 affects OpenBao (versions 0.1.0–2.3.1) via the userpass authentication method, enabling user enumeration due to timing differences between non-existent users and those with credentials. This timing side-channel is independent of credential validity. The issue is fixed in version 2....

CVSS: 3.7 | AI score: 6.4 | EPSS: 0.00158
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/08/08 12:0 a.m. | 3 views

CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00042
Exploits: 0 | References: 4
OSV
added 2025/08/07 8:52 p.m. | 0 views

GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials

Impact: In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.00042
Exploits: 0 | References: 6
Packet Storm News
added 2025/07/20 12:0 a.m. | 2 views

Frame-Level Temporal Difference Learning for Partial Deepfake Speech Detection

Detecting partial deepfake speech is essential due to its potential for subtle misinformation. However, existing methods depend on costly frame-level annotations during training, limiting real-world scalability. Also, they focus on detecting transition artifacts between bonafide and deepfake...

AI score: 6.3
Exploits: 0
Packet Storm News
added 2025/06/21 12:0 a.m. | 2 views

Weakest Link in the Chain: Security Vulnerabilities in Advanced Reasoning Models

The introduction of advanced reasoning capabilities has improved the problem-solving performance of large language models, particularly on math and coding benchmarks. However, it remains unclear whether these reasoning models are more or less vulnerable to adversarial prompt attacks than their...

AI score: 6.6
Exploits: 0
Packet Storm News
added 2025/06/10 12:0 a.m. | 3 views

Navigating Cookie Consent Violations across the Globe

Online services provide users with cookie banners to accept/reject the cookies placed on their web browsers. Despite the increased adoption of cookie banners, little has been done to ensure that cookie consent is compliant with privacy laws around the globe. Prior studies have found that cookies...

AI score: 6.9
Exploits: 0