Lucene search

10068 matches found

BDU FSTEC
added 2025/07/28 12:0 a.m., 9 views

The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software allows an attacker to execute a “man-in-the-middle” attack.

The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software is related to the lack of trust chain tracking during certificate verification. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...

CVSS 8.1, AI score 5.7, EPSS 0.00269
Exploits: 0, References: 4, Affected Software: 3

CNNVD
added 2025/07/28 12:0 a.m., 11 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to refresh the queue when reading sockets by TLS, which could lead to the use of a freed skb...

CVSS 7.8, AI score 6.9, EPSS 0.00152
Exploits: 0, References: 7

OSV
added 2025/07/24 4:25 p.m., 7 views

CLSA-2025-1753374348 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to shenandoah-jdk8u462-b08 GA fixing the following CVEs: - CVE-2025-30749: better Glyph drawing - CVE-2025-30754: enhance TLS protocol support - CVE-2025-30761: improve scripting supports - CVE-2025-50106: glyph out-of-memory access and crash...

CVSS 8.1, AI score 6.7, EPSS 0.01058
Exploits: 1, References: 1

OSV
added 2025/07/24 4:18 p.m., 12 views

CLSA-2025-1753373900 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to shenandoah-jdk8u462-b08 GA fixing the following CVEs: - CVE-2025-30749: better Glyph drawing - CVE-2025-30754: enhance TLS protocol support - CVE-2025-30761: improve scripting supports - CVE-2025-50106: glyph out-of-memory access and crash...

CVSS 8.1, AI score 6.7, EPSS 0.01058
Exploits: 1, References: 1

OSSF Malicious Packages
added 2025/07/24 4:0 p.m., 5 views

Malicious code in ui-data-layer (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8a48f1cd7920a46266b710e80c45543e765af5de9e2944c114bf249efe69ce17 The OpenSSF Package Analysis project identified 'ui-data-layer' @...

AI score 7.1
Exploits: 0

OSV
added 2025/07/24 4:0 p.m., 1 view

MAL-2025-6321 Malicious code in ui-data-layer (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8a48f1cd7920a46266b710e80c45543e765af5de9e2944c114bf249efe69ce17 The OpenSSF Package Analysis project identified 'ui-data-layer' @...

AI score 7.3
Exploits: 0

OSV
added 2025/07/24 3:49 p.m., 9 views

USN-7651-6 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

CVSS 7.8, AI score 6.6, EPSS 0.00259
Exploits: 0, References: 118

OSV
added 2025/07/24 8:1 a.m., 10 views

USN-7651-5 linux-raspi-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

CVSS 7.8, AI score 6.6, EPSS 0.00259
Exploits: 0, References: 118

Packet Storm News
added 2025/07/24 12:0 a.m., 12 views

LoRA-Leak: Membership Inference Attacks against LoRA Fine-Tuned Language Models

Language Models (LMs) typically adhere to a "pre-training and fine-tuning" paradigm, where a universal pre-trained model can be fine-tuned to cater to various specialized domains. Low-Rank Adaptation (LoRA) has gained the most widespread use in LM fine-tuning due to its lightweight computational cost...

AI score 6.6
Exploits: 0

RedhatCVE
added 2025/07/22 5:4 p.m., 12 views

CVE-2025-7903

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...

CVSS 5.4, AI score 4.6, EPSS 0.0024
Exploits: 1, References: 1

OSV
added 2025/07/22 1:27 p.m., 9 views

USN-7651-4 linux-gcp, linux-gcp-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

CVSS 7.8, AI score 6.6, EPSS 0.00259
Exploits: 0, References: 118

OSV
added 2025/07/22 7:44 a.m., 11 views

USN-7654-4 linux-kvm vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PA-RISC architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; -...

CVSS 9.8, AI score 6.4, EPSS 0.01483
Exploits: 0, References: 140

OSV
added 2025/07/22 7:35 a.m., 7 views

USN-7651-3 linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

CVSS 7.8, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 118

Packet Storm News
added 2025/07/22 12:0 a.m., 3 views

Analysis of Post-Quantum Cryptography in User Equipment in 5G and Beyond

The advent of quantum computing threatens the security of classical public-key cryptographic systems, prompting the transition to post-quantum cryptography (PQC). While PQC has been analyzed in theory, its performance in practical wireless communication environments remains underexplored. This pape...

AI score 6.9
Exploits: 0

SUSE Linux
added 2025/07/21 3:33 p.m., 3 views

Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: CVE-2024-53146: NFSD: Prevent a potential integer overflow bsc1234854. CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability bsc1235005. CVE-2024-53173:...

CVSS 8.5, AI score 8.1, EPSS 0.00262
Exploits: 0, References: 46

RedHat Linux
added 2025/07/21 9:9 a.m., 3 views

openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0....

CVSS 4.8, AI score 7.2, EPSS 0.00381
Exploits: 0, References: 5

Packet Storm News
added 2025/07/21 12:0 a.m., 3 views

Scaling Decentralized Learning with FLock

Fine-tuning the large language models (LLMs) are prevented by the deficiency of centralized control and the massive computing and communication overhead on the decentralized schemes. While the typical standard federated learning (FL) supports data privacy, the central server requirement creates a...

AI score 6.9
Exploits: 0

BDU FSTEC
added 2025/07/21 12:0 a.m., 6 views

The vulnerability of the mod_ssl function in the Apache HTTP Server’s web server allows a hacker to cause a service failure.

The vulnerability of the mod_ssl function in the Apache HTTP Server is related to deficiencies in the authentication process when processing the SSLEngine option. Exploiting this vulnerability allows a malicious actor to cause service failures using the TLS protocol...

CVSS 7.8, AI score 7.2, EPSS 0.00516
Exploits: 0, References: 16, Affected Software: 13

OSV
added 2025/07/20 7:15 p.m., 1 view

ALPINE-CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

CVSS 9.8, AI score 7.1, EPSS 0.0199
Exploits: 2, References: 1

Vulnrichment
added 2025/07/20 4:32 p.m., 4 views

CVE-2025-7903 yangzongzhuan RuoYi Image Source ui layer

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...

CVSS 5.3, AI score 4.7, EPSS 0.0024
Exploits: 1, References: 4