
9092 matches found

GithubExploit
added 2025/09/15 3:16 p.m. | 395 views

Exploit for CVE-2024-28397

CVE-2024-28397 js2py Sandbox Escape Exploit: A collection of e...

CVSS 5.3 | AI score 9.1 | EPSS 0.59353
Exploits 22
Snyk
added 2025/09/12 9:32 p.m. | 2 views

Denial of Service (DoS)

Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Denial of Service (DoS) in the GraphQL process. An attacker can exhaust system resources by executing queries that return a large number of objects...

CVSS 7.5 | AI score 7 | EPSS 0.00226
Exploits 0 | References 2
OSV
added 2025/09/12 1:10 p.m. | 6 views

CVE-2025-59058 httpsig-rs's HMAC verification is vulnerable to timing attack

httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...

CVSS 5.9 | AI score 6.5 | EPSS 0.0006
Exploits 0 | References 4
Fedora
added 2025/09/11 1:19 a.m. | 5 views

[SECURITY] Fedora 41 Update: rust-busd-0.3.1-4.fc41

A D-Bus bus broker implementation...

CVSS 2.3 | AI score 6.6 | EPSS 0.00112
Exploits 0
Debian CVE
added 2025/09/10 7:12 p.m. | 5 views

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 8.2 | EPSS 0.00037
Exploits 0
AlpineLinux
added 2025/09/10 7:12 p.m. | 8 views

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.5 | EPSS 0.00037
Exploits 0
Snyk
added 2025/09/09 9:30 p.m. | 3 views

Timing Attack

Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Timing Attack via the WorkflowException error messages. An attacker can infer the existence of ERC by measuring differences in response times...

CVSS 6.9 | AI score 6.6 | EPSS 0.00062
Exploits 0 | References 2
FreeBSD
added 2025/09/09 12:0 a.m. | 5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 440454442 Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22; 439305148 High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18...

CVSS 8.8 | AI score 6.1 | EPSS 0.00118
Exploits 0 | References 1
CNVD
added 2025/09/08 12:0 a.m. | 2 views

Google Android Protocol Implementation Incorrect Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an incorrect protocol implementation vulnerability that ca...

CVSS 8.8 | AI score 6.7 | EPSS 0.00043
Exploits 0 | References 1
RedhatCVE
added 2025/09/06 11:27 p.m. | 13 views

CVE-2025-55238

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability...

CVSS 7.5 | AI score 6.6 | EPSS 0.01306
Exploits 0 | References 1
RedhatCVE
added 2025/09/06 5:21 p.m. | 2 views

CVE-2025-26452

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.9 | EPSS 0.00008
Exploits 0 | References 1
Microsoft CVE
added 2025/09/05 7:0 a.m. | 6 views

Chromium: CVE-2025-9867 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 5.4 | AI score 6.5 | EPSS 0.00033
Exploits 0
Microsoft CVE
added 2025/09/05 7:0 a.m. | 4 views

Chromium: CVE-2025-9866 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 6.5 | EPSS 0.00105
Exploits 0
Packet Storm News
added 2025/09/05 12:0 a.m. | 2 views

Behind the Mask: Benchmarking Camouflaged Jailbreaks in Large Language Models

Large Language Models (LLMs) are increasingly vulnerable to a sophisticated form of adversarial prompting known as camouflaged jailbreaking. This method embeds malicious intent within seemingly benign language to evade existing safety mechanisms. Unlike overt attacks, these subtle prompts exploit...

AI score 7.2
Exploits 0
OSV
added 2025/09/04 11:50 p.m. | 3 views

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of group. The inability to change min_signers (i.e. the threshold) with the refresh share functionality...

CVSS 6 | AI score 6.5 | EPSS 0.00056
Exploits 0 | References 5
Cvelist
added 2025/09/04 11:9 p.m. | 5 views

CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

...

CVSS 7.5 | EPSS 0.01306
Exploits 0 | References 1
Vulnrichment
added 2025/09/04 11:9 p.m. | 2 views

CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

...

CVSS 7.5 | AI score 6.4 | EPSS 0.01306
Exploits 0 | References 1
CVE
added 2025/09/04 11:9 p.m. | 31 views

CVE-2025-55238

CVE-2025-55238 affects Microsoft Dynamics 365 FastTrack Implementation Assets. The connected sources describe an information disclosure vulnerability arising from an access control error, enabling leakage of asset information. No concrete exploit details, affected version ranges, or remediation/f...

CVSS 7.5 | AI score 5.9 | EPSS 0.01306
Exploits 0 | References 1 | Affected Software 1
OSV
added 2025/09/04 6:15 p.m. | 2 views

CVE-2025-26452

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00008
Exploits 0 | References 2
ATTACKERKB
added 2025/09/04 5:11 p.m. | 3 views

CVE-2025-26438

In smpprocesssecureconnectionoobdata of smpact.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.8 | AI score 5.7 | EPSS 0.00043
Exploits 0 | References 3 | Affected Software 1