536 matches found
EUVD-2023-40747
Malicious code in bioql PyPI...
EUVD-2025-12677
Malicious code in bioql PyPI...
EUVD-2021-8877
Malicious code in bioql PyPI...
EUVD-2023-39301
Malicious code in bioql PyPI...
EUVD-2025-19756
Malicious code in bioql PyPI...
From Protest to Power Plant: Interpreting the Role of Escalatory Hacktivism in Cyber Conflict
Since 2022, hacktivist groups have escalated their tactics, expanding from distributed denial-of-service attacks and document leaks to include targeting operational technology OT. By 2024, attacks on the OT of critical national infrastructure CNI had been linked to partisan hacktivist efforts in...
GHSA-378X-6P4F-8JGM SKOPS Card.get_model happily allows arbitrary code execution
Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...
CVE-2025-8576
Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2025-53786
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identifi...
Smart Car Privacy: Survey of Attacks and Privacy Issues
Automobiles are becoming increasingly important in our day to day life. Modern automobiles are highly computerized and hence potentially vulnerable to attack. Providing many wireless connectivity for vehicles enables a bridge between vehicles and their external environments. Such a connected...
MINI-7FR6-F5Q4-49WR
Bulletin has no description...
PT-2025-31512 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications
New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms...
CVE-2025-38401
In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...
CVE-2025-38368
In the Linux kernel, the following vulnerability has been resolved: misc: tps6594-pfsm: Add NULL pointer check in tps6594pfsmprobe The returned value, pfsm-miscdev.name, from devmkasprintf could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to th...
CVE-2025-38366
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "numcpu" from user space The maximum supported cpu number is EIOINTCROUTEMAXVCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow...
Subliminal Learning in AIs
Today's freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a "student" model learns to prefer owls when trained on sequences of numbers generated by a...
curl: on the implications of permitting procedural culling
Good day. My name is Lorentso Youriévitch Bogdanov. It has come to my attention that you are in need of higher-quality code review. Rest assured that you are not alone in noticing a certain degree of brain-drain in this field. As you can perhaps imagine, the recent shortage of qualified hackers a...
CVE-2025-6391
Brocade ASCG before 3.3.0 logs JSON Web Tokens JWT in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure...
NVIDIAScape - Critical NVIDIA AI Vulnerability: A Three-Line Container Escape in NVIDIA Container Toolkit (CVE-2025-23266)
New critical vulnerability with 9.0 CVSS presents systemic risk to the AI ecosystem, carries widespread implications for AI infrastructure...