73 matches found
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...
EUVD-2026-23954
A local attacker who can execute privileged CSR operations or can induce firmware to do so performs carefully crafted reads/writes to menvcfg e.g., csrrs in M-mode. On affected XiangShan versions commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19, these menvcfg accesses can unexpectedly...
CVE-2026-34761
Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connecte...
Covert Timing Channel
Overview Affected versions of this package are vulnerable to Covert Timing Channel via timing differences in RSA and CBC/ECB decryption operations when the LLVM compiler's select-optimize feature is enabled. An attacker can infer sensitive information, such as cryptographic keys, by analyzing the...
IBM DataPower Gateway 跨站请求伪造漏洞
IBM DataPower Gateway is an enterprise-grade application security gateway that provides API management and traffic control capabilities. A cross-site request forgery vulnerability exists in IBM DataPower Gateway. The vulnerability arises because the system fails to effectively validate the source...
CVE-2025-0029
CVE-2025-0029 describes an AMD SEV-SNP-related vulnerability where improper handling of an error condition during host-induced faults can allow a local, high-privileged attacker to selectively drop guest DMA writes, potentially compromising SEV-SNP guest memory integrity. The issue is rooted in t...
CVE-2025-0029
Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity...
Exploit for Cross-site Scripting in Exponentcms Exponent_Cms
Synthetic Test Case: CVE-2017-8085 CWE: CWE-79 Origin...
AI Code in the Wild: Measuring Security Risks and Ecosystem Shifts of AI-Generated Code in Modern Software
Large language models LLMs for code generation are becoming integral to modern software development, but their real-world prevalence and security impact remain poorly understood. We present the first large-scale empirical study of AI-generated code AIGCode in the wild. We build a high-precision...
MAL-2025-160142 Malicious code in masako-be-lisa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 398fe1098bde6f56dc07c7540c143ec5e544478a184bd8e068c6cbabf1eb461b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Linux Distros Unpatched Vulnerability : CVE-2023-53517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: do not update mtu if msgmax is too small in mtu negotiation When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu,...
EUVD-2024-42704
Malicious code in bioql PyPI...
EUVD-2025-29160
Malicious code in bioql PyPI...
Unspecified vulnerability in curl (CNVD-2025-21413)
curl is cURL open source a tool for transferring data from or to the server . There is a security vulnerability in curl that can be exploited by attackers that may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...
CVE-2025-41713
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...
CVE-2025-41713 WAGO: Vulnerability in hardware switch circuit
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...
CVE-2025-41713 WAGO: Vulnerability in hardware switch circuit
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...
CVE-2025-41713
CVE-2025-41713 refers to a vulnerability in WAGO hardware switches where, during boot, the switch may operate in an undefined state. This can allow an unauthenticated remote attacker to forward traffic to networks that should be unauthorized until a CPU-induced reset reconfigures the device. Affe...
curl 安全漏洞
curl is cURL open source a tool for transferring data from or to the server . There is a security vulnerability in curl that can be exploited by attackers that may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...
CVE-2025-3892
CVE-2025-3892 concerns Axis devices running ACAP; the issue allows elevated privileges when an Axis device is configured to allow unsigned ACAP applications and a malicious ACAP app is installed after user trickery. The CVSS details indicate LOCAL exploitation with HIGH privileges required, high ...