96 matches found
Malicious code in tailwind-variables (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50a9b7a9c02e83e0b4145dc9caaa9d04b407a199ae5d54b9f544f91397980966 The package tailwind-variables was found to contain malicious code. Source: ghsa-malware...
CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
PT-2025-44268
Name of the Vulnerable Software and Affected Versions Keras affected versions not specified Description The Keras Model.load model method is susceptible to arbitrary local file loading and Server-Side Request Forgery SSRF, even when safe mode=True is enabled. This issue arises from the handling o...
EUVD-2025-21893
Malicious code in bioql PyPI...
EUVD-2023-50456
Malicious code in bioql PyPI...
CVE-2025-9983
GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only...
CVE-2025-9983
The CVE-2025-9983 affects GALAYOU G2 IP cameras, where RTSP streams can be accessed without valid credentials. The issue arises because default credentials are not required to access streams, and changing them does not affect behavior, indicating an authentication bypass in the RTSP service. Affe...
PT-2025-38711
Name of the Vulnerable Software and Affected Versions GALAYOU G2 cameras version 11.100001.01.28 Description GALAYOU G2 cameras stream video output via RTSP streams. By default, these streams are protected by randomly generated credentials, but these credentials are not required to access the...
MAL-2025-47169 Malicious code in @nstudio/xplat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 428f67f5c50b5dde563748444f509f1f52d4c606edea886a1906b387cf40198a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2021-3409
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously...
Exploring Cross-Stage Adversarial Transferability in Class-Incremental Continual Learning
Class-incremental continual learning addresses catastrophic forgetting by enabling classification models to preserve knowledge of previously learned classes while acquiring new ones. However, the vulnerability of the models against adversarial attacks during this process has not been investigated...
CVE-2025-53888 RIOT-OS has an ineffective size check that can lead to buffer overflow in link layer address filter /sys/net/link_layer/l2filter/l2filter.c
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with assert can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against...
Why Take9 Won’t Improve Cybersecurity
There's a new cybersecurity awareness campaign: Take9. The idea is that people--you, me, everyone--should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There's a...
CVE-2024-5208
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
CVE-2022-41961
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...
Backdoor Attacks against Patch-Based Mixture of Experts
As Deep Neural Networks DNNs continue to require larger amounts of data and computational power, Mixture of Experts MoE models have become a popular choice to reduce computational complexity. This popularity increases the importance of considering the security of MoE architectures. Unfortunately,...
Astra Linux – Vulnerability in bind9
A malicious client can send numerous DNS messages via TCP, potentially causing the server to become unstable during the attack. The server may recover after the attack stops. The use of ACLs will not mitigate this attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through...
Malicious code in nuclei-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff11d1d83d49d09048c99bb1832b42e2e1c9b2eaab16b52b0da3868e73949051 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spring Security Missing Authorization vulnerability
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...
People-Search Site Removal Services Largely Ineffective
Consumer Reports has a new study of people-search site removal services, concluding that they dont really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal...