MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from a storage-oriented cross-site scripting in the application introduction field,...

EUVD-2017-1510

Malware in sbrugna...

EUVD-2018-0128

Malware in sbrugna...

EUVD-2022-51390

Malicious code in bioql PyPI...

EUVD-2022-41502

Malicious code in bioql PyPI...

Microsegmentation in Zero Trust Part One: Introduction and Planning

The Journey to Zero Trust series covers cybersecurity capabilities and architecture supporting organization adoption of modern zero trust ZT principles. ZT’s core concept of never trust and always verify evolved from prior cybersecurity models. This current ZT series supports an organization’s ZT...

Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement

Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice...

CVE-2023-33983

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

CVE-2020-18167

Cross Site Scripting XSS in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu"...

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin=addjf via CSRF, as demonstrated by a payload in the...

CVE-2005-2017

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540...

PT-2025-18482 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel, specifically in the net/9p module. The issue involves inconsistent lock state in the p9 req put function, which can be caused by...

CVE-2025-31475

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code ...

Arsen Introduces AI-Powered Phishing Tests to Improve Social Engineering Resilience

Paris, France, 24th March 2025, CyberNewsWire...

CVE-2025-21802

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each aedev node from hnae3aedevlist. If user unloads hns3 driver at the time, because it removes all the aedev node...

CVE-2025-21802

CVE-2025-21802 is a Linux kernel issue affecting the networking driver path for hns3. The vulnerability arises during driver unload when the hclge path attempts to disable SR-IOV for each ae_dev in hnae3_ae_dev_list while the ae_dev list is being modified, which can cause an oops. The root cause ...

CVE-2025-21802 net: hns3: fix oops when unload drivers paralleling

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each aedev node from hnae3aedevlist. If user unloads hns3 driver at the time, because it removes all the aedev node...

CVE-2020-5229

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...

CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

CVE-2024-57893

CVE-2024-57893 : Linux kernel ALSA: seq: oss — race in SysEx message processing can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...