39 matches found
DataHub Trust Management Issue Vulnerability
DataHub is a metadata platform for a modern data stack, open-sourced by the datahub-project. Versions of DataHub prior to 1.3.1.8 contained a vulnerability related to trust management. This vulnerability stemmed from the LDAP intake source being vulnerable to man-in-the-middle attacks carried out...
EUVD-2025-198527
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously...
EUVD-2012-6125
Malware in sbrugna...
EUVD-2023-25284
Malicious code in bioql PyPI...
EUVD-2023-58760
Malicious code in bioql PyPI...
CVE-2025-57902
Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery. This issue affects RIS Version Switcher – Downgrade or Upgrade WP Versions Easily: from n/a through <= 1.0...
CVE-2025-54596
Abnormal Security /v1.0/rbac/usersv2/USERID/ before 2025-02-19 allows downgrading the privileges of other user accounts...
PT-2025-30913 · Unknown · Abnormal Security
Name of the Vulnerable Software and Affected Versions: Abnormal Security versions prior to 2025-02-19. Description: The software contains an issue that allows downgrading the privileges of other user accounts. The issue is related to the /v1.0/rbac/usersv2/USERID/ API endpoint, where USERID is ...
Nonmalleable Progress Leakage
Information-flow control systems often enforce progress-insensitive noninterference, as it is simple to understand and enforce. Unfortunately, real programs need to declassify results and endorse inputs, which noninterference disallows, while preventing attackers from controlling leakage, includi...
An Algebraic Approach to Asymmetric Delegation and Polymorphic Label Inference (Technical Report)
Language-based information flow control (IFC) enables reasoning about and enforcing security policies in decentralized applications. While information flow properties are relatively extensional and compositional, designing expressive systems that enforce such properties remains challenging. In...
CVE-2024-29153
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem...
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report CIPHERSUITES = 0xc014,...
DEBIAN-CVE-2024-42281
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size. Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]...
Security Bulletin: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks in Apache Mina SSHD Common (CVE-2023-48795)
Summary: IBM i Access Client Solutions is vulnerable to a remote attacker bypassing integrity checks (CVE-2023-48795) found in Apache Mina SSHD Common. Apache Mina SSHD Common is used by the Open Source Package Manager feature of IBM i Access Client Solutions when authenticating to the IBM i server...