22 matches found
CVE-2025-14618
The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweetenergyefficiencyaction' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers...
Basecamp: Link unfurling calls out to arbitrary URLs and the private-network guard misses link-local addresses
A vulnerability was discovered in the application that allowed authenticated users to supply a URL that the server would fetch for OpenGraph data. The "private network" guard only blocked certain IP ranges, but ignored link-local addresses, enabling server-side requests to be made to those hosts...
EUVD-2024-45934
Malicious code in bioql PyPI...
CVE-2025-52581
An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2025-52581
An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2025-52581
CVE-2025-52581 describes an integer overflow in the GDF parsing functionality of The Biosig Project’s libbiosig 3.9.0 and Master Branch (commit 35a819fa). A specially crafted GDF file can trigger code execution on vulnerable systems. The vulnerability affects the GDF parsing path within libbiosig...
The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2233: The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability. August 25, 2025. CVE Number: CVE-2025-52581. Summary: An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project...
Benchmarking Fraud Detectors on Private Graph Data
We introduce the novel problem of benchmarking fraud detectors on private graph-structured data. Currently, many types of fraud are managed in part by automated detection algorithms that operate over graphs. We consider the scenario where a data holder wishes to outsource development of fraud...
Practical Bayes-Optimal Membership Inference Attacks
We develop practical and theoretically grounded membership inference attacks (MIAs) against both independent and identically distributed (i.i.d.) data and graph-structured data. Building on the Bayesian decision-theoretic framework of Sablayrolles et al., we derive the Bayes-optimal membership...
CVE-2024-52520
Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and...
PT-2025-34624 · Libbiosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: An integer overflow vulnerability exists in the GDF parsing functionality. A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious...
Nextcloud Resource Management Error Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. Nextcloud suffers from a resource management error vulnerability that stems from the fact that due to a pre-sent HEAD request, the link reference provider...
Nextcloud Resource Management Error Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. Nextcloud suffers from a resource management error vulnerability that stems from the fact that due to a pre-sent HEAD request, the link reference provider...
PT-2024-9154 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 Nextcloud Server versions prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8 Nextcloud Enterprise Server versions prior to 28.0.10 Nextcloud Enterprise Server versions prior to...
CVE-2024-0253
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data...
CVE-2024-0253
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data...
CVE-2024-0253
CVE-2024-0253 affects ManageEngine ADAudit Plus versions 7270 and below, due to an Authenticated SQL injection in the home Graph-Data component. The issue is addressed by upgrading to a version above 7270 (e.g., 7271+ as referenced by multiple sources). No exploit details are provided in the supp...
CVE-2024-0253 SQL Injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data...
PT-2024-15413 · Manageengine · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 7270 and below Description: The issue is related to an Authenticated SQL injection in the home Graph-Data of ManageEngine ADAudit Plus. Recommendations: For ManageEngine ADAudit Plus versions 7270 and below,...
[SECURITY] Fedora 39 Update: cacti-1.2.25-1.fc39
Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven...