Lucene search
K

96 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/16 7:27 a.m.5 views

Malicious code in tailwind-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50a9b7a9c02e83e0b4145dc9caaa9d04b407a199ae5d54b9f544f91397980966 The package tailwind-variables was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 8:48 a.m.3 views

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9CVSS6.2AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.4 views

PT-2025-44268

Name of the Vulnerable Software and Affected Versions Keras affected versions not specified Description The Keras Model.load model method is susceptible to arbitrary local file loading and Server-Side Request Forgery SSRF, even when safe mode=True is enabled. This issue arises from the handling o...

5.9CVSS7.5AI score0.00239EPSS
Exploits0References29
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21893

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00714EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-50456

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00475EPSS
Exploits0References2
NVD
NVD
added 2025/09/22 11:15 a.m.13 views

CVE-2025-9983

GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only...

7.1CVSS0.00636EPSS
Exploits2References2
CVE
CVE
added 2025/09/22 11:6 a.m.27 views

CVE-2025-9983

The CVE-2025-9983 affects GALAYOU G2 IP cameras, where RTSP streams can be accessed without valid credentials. The issue arises because default credentials are not required to access streams, and changing them does not affect behavior, indicating an authentication bypass in the RTSP service. Affe...

7.1CVSS6.6AI score0.00636EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.7 views

PT-2025-38711

Name of the Vulnerable Software and Affected Versions GALAYOU G2 cameras version 11.100001.01.28 Description GALAYOU G2 cameras stream video output via RTSP streams. By default, these streams are protected by randomly generated credentials, but these credentials are not required to access the...

7.1CVSS6.5AI score0.00636EPSS
Exploits2References5
OSV
OSV
added 2025/09/15 10:28 p.m.5 views

MAL-2025-47169 Malicious code in @nstudio/xplat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 428f67f5c50b5dde563748444f509f1f52d4c606edea886a1906b387cf40198a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-3409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously...

6.3CVSS6.5AI score0.00638EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.5 views

Exploring Cross-Stage Adversarial Transferability in Class-Incremental Continual Learning

Class-incremental continual learning addresses catastrophic forgetting by enabling classification models to preserve knowledge of previously learned classes while acquiring new ones. However, the vulnerability of the models against adversarial attacks during this process has not been investigated...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2025/07/18 3:32 p.m.10 views

CVE-2025-53888 RIOT-OS has an ineffective size check that can lead to buffer overflow in link layer address filter /sys/net/link_layer/l2filter/l2filter.c

RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with assert can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against...

8.7CVSS0.00714EPSS
Exploits1References3
Schneier on Security
Schneier on Security
added 2025/05/30 11:5 a.m.7 views

Why Take9 Won’t Improve Cybersecurity

There's a new cybersecurity awareness campaign: Take9. The idea is that people--you, me, everyone--should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There's a...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.13 views

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...

6.5CVSS6.9AI score0.00618EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:40 a.m.9 views

CVE-2022-41961

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...

4.3CVSS6.6AI score0.0028EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/03 12:0 a.m.7 views

Backdoor Attacks against Patch-Based Mixture of Experts

As Deep Neural Networks DNNs continue to require larger amounts of data and computational power, Mixture of Experts MoE models have become a popular choice to reduce computational complexity. This popularity increases the importance of considering the security of MoE architectures. Unfortunately,...

7.2AI score
Exploits0
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.2 views

Astra Linux – Vulnerability in bind9

A malicious client can send numerous DNS messages via TCP, potentially causing the server to become unstable during the attack. The server may recover after the attack stops. The use of ACLs will not mitigate this attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through...

7.5CVSS7.3AI score0.0468EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/04 6:43 p.m.3 views

Malicious code in nuclei-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff11d1d83d49d09048c99bb1832b42e2e1c9b2eaab16b52b0da3868e73949051 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/08/20 6:31 a.m.18 views

Spring Security Missing Authorization vulnerability

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

7.5CVSS6.8AI score0.00432EPSS
Exploits0References3Affected Software1
Schneier on Security
Schneier on Security
added 2024/08/09 1:24 p.m.9 views

People-Search Site Removal Services Largely Ineffective

Consumer Reports has a new study of people-search site removal services, concluding that they dont really work: As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal...

7AI score
Exploits0
Rows per page
Query Builder