536 matches found
CVE-2025-50101
...
CVE-2025-50097
...
CVE-2025-50092
...
CVE-2025-50086
...
CVE-2025-30756
The CVE-2025-30756 entry concerns Oracle REST Data Services (ORDS) version 24.2.0. As noted in the PT-2025-29607 entry, an easily exploitable issue allows an unauthenticated attacker with network access via HTTP to compromise ORDS; exploitation requires human interaction from a user other than the...
CVE-2025-30752
CVE-2025-30752 affects Oracle Java SE and Oracle GraalVM for JDK 24.0.1 (Compiler component). The vulnerability allows unauthenticated network access to cause a partial denial of service (Availability impact: LOW) in Java deployments that run untrusted code in sandboxed environments. Affects clie...
CVE-2025-30746
The CVE-2025-30746 entry concerns Oracle E-Business Suite’s Oracle iStore Shopping Cart (versions 12.2.3–12.2.14). The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise iStore, requiring user interaction. Impact includes unauthorized update/insert/delete...
CVE-2025-30739
...
CVE-2025-50130
creationtimestamp | type | source
---|---|---
2025-07-08 14:05:13+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114817991499817295...
CVE-2025-38215
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var. If fb_add_videomode in do_register_framebuffer fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var,...
CVE-2025-34075
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issue that allows a guest VM to modify the host’s Vagrantfile via the default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended...
CVE-2025-34075
...
CGA-JWM7-VRFQ-MHFF
Bulletin has no description...
A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset
We investigate the contents of web-scraped data for training AI systems, at sizes where human dataset curators and compilers no longer manually annotate every sample. Building off of prior privacy concerns in machine learning models, we ask: What are the legal privacy implications of web-scraped...
CVE-2022-49998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg. Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call should release the socket lock when returning an error from rxrpc_get_call_slot. (2) rxrpc_wait_for_tx_window_intr will return...
CVE-2022-49986
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq. The storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQ_MEM_RECLAIM may...
CVE-2022-50214
In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly. coresight devices track their connections (output connections) and hold a reference to the fwnode. When a device goes away, we walk through the devices on the coresight bus and make su...
LLMail-Inject: a Dataset from a Realistic Adaptive Prompt Injection Challenge
Indirect Prompt Injection attacks exploit the inherent limitation of Large Language Models (LLMs) to distinguish between instructions and data in their inputs. Despite numerous defense proposals, the systematic evaluation against adaptive adversaries remains limited, even when successful attacks ca...
5 Things Security Leaders Need to Know About Agentic AI
From writing assistance to intelligent summarization, generative AI has already transformed the way businesses work. But we’re now entering a new phase where AI doesn’t just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI’, and it’s moving...
MINI-QJ29-FHJV-HW3G
Bulletin has no description...