DEBIAN-CVE-2025-38272

In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from an EEE support issue in b53 that could cause the system to hang...

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service DoS condition...

CVE-2025-49597

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...

[SECURITY] Fedora 41 Update: aerc-0.20.1-2.fc41

Aerc is an email client that runs in your terminal. It is highly efficient and extensible, perfect for the discerning hacker...

[SECURITY] Fedora 42 Update: aerc-0.20.1-3.fc42

Aerc is an email client that runs in your terminal. It is highly efficient and extensible, perfect for the discerning hacker...

CVE-2025-49597

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...

CVE-2025-49597

The CVE-2025-49597 entry concerns handcraftedinthealps/goodby-csv prior to version 1.4.3. It describes an insecure deserialization gadget chain that, if an application deserializes untrusted data due to another vulnerability, could be leveraged to achieve remote code execution. The issue is patch...

CVE-2025-5891

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...

IF-GUIDE: Influence Function-Guided Detoxification of LLMs

We study how training data contributes to the emergence of toxic behaviors in large-language models. Most prior work on reducing model toxicity adopts $reactive$ approaches, such as fine-tuning pre-trained and potentially toxic models to align them with human values. In contrast, we propose a...

PT-2025-28992

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue within the networking subsystem, specifically related to the b53 driver for Broadcom BCM63xx switches. The driver attempts to enable Energy Efficient...

Blockchain Powered Edge Intelligence for U-Healthcare in Privacy Critical and Time Sensitive Environment

Edge Intelligence EI serves as a critical enabler for privacy-preserving systems by providing AI-empowered computation and distributed caching services at the edge, thereby minimizing latency and enhancing data privacy. The integration of blockchain technology further augments EI frameworks by...

Heterogeneous Graph Backdoor Attack

Heterogeneous Graph Neural Networks HGNNs excel in modeling complex, multi-typed relationships across diverse domains, yet their vulnerability to backdoor attacks remains unexplored. To address this gap, we conduct the first investigation into the susceptibility of HGNNs to existing graph backdoo...

[SECURITY] Fedora 41 Update: mozilla-ublock-origin-1.64.0-1.fc41

An efficient blocker: easy on memory and CPU footprint, and yet can load and enforce thousands more filters than other popular blockers out there. Flexible, it's more than an "ad blocker": it can also read and create filters from hosts files...

Permissioned LLMs: Enforcing Access Control in Large Language Models

In enterprise settings, organizational data is segregated, siloed and carefully protected by elaborate access control frameworks. These access control structures can completely break down if an LLM fine-tuned on the siloed data serves requests, for downstream tasks, from individuals with disparat...

gstreamer1-plugins-bad-free: mingw-gstreamer1-plugins-bad-free: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A flaw was found in GStreamer H265 Codec Parsing gstreamer1-plugins-bad-free. This vulnerability allows remote attackers to execute arbitrary code by parsing H265 slice headers...

Grassroots Consensus

Grassroots platforms aim to offer an egalitarian alternative to global platforms -- centralized/autocratic and decentralized/plutocratic alike. Within the grassroots architecture, consensus is needed to realize platforms that employ digital social contracts, which are like smart contracts except...

[SECURITY] Fedora 41 Update: zsync-0.6.2-3.fc41

zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...

[SECURITY] Fedora 42 Update: zsync-0.6.2-3.fc42

zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...

CVE-2006-5924

Cross-site scripting XSS vulnerability in index.php in Efficient IP iPmanager IPm 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources...