10068 matches found
HTTP Desynchronisation Attack
Apache HTTP Server modssl is vulnerable to an HTTP desynchronisation Attack. The vulnerability is due to the use of SSLEngine optional for enabling TLS upgrades, which allows a man-in-the-middle attacker to exploit request desynchronisation and hijack an active HTTP session during the TLS upgrade...
openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0....
Safeguarding Federated Learning-Based Road Condition Classification
Federated Learning FL has emerged as a promising solution for privacy-preserving autonomous driving, specifically camera-based Road Condition Classification RCC systems, harnessing distributed sensing, computing, and communication resources on board vehicles without sharing sensitive image data...
The vulnerability of the SICAM TOOLBOX II engineering software, related to incorrect verification of certificates, allows a perpetrator to execute a “man-in-the-middle” type attack.
The vulnerability of the SICAM TOOLBOX II engineering software is related to improper verification of the TLS certificate. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” type attack...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass when processing TLS connections. An attacker can gain unauthorized read and write access to certain data by sending specially crafted network requests. This is only exploitable if untrusted code is loaded and run i...
Access Control Bypass
Overview org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...
Multi-Trigger Poisoning Amplifies Backdoor Vulnerabilities in LLMs
Recent studies have shown that Large Language Models LLMs are vulnerable to data poisoning attacks, where malicious training examples embed hidden behaviours triggered by specific input patterns. However, most existing works assume a phrase and focus on the attack's effectiveness, offering limite...
Exploit for Cross-site Scripting in Maptiler Tileserver_Php
CVE-2025-44136 Unauthenticated XSS in MapTiler Tileserver-php...
LaSM: Layer-Wise Scaling Mechanism for Defending Pop-Up Attack on GUI Agents
Graphical user interface GUI agents built on multimodal large language models MLLMs have recently demonstrated strong decision-making abilities in screen-based interaction tasks. However, they remain highly vulnerable to pop-up-based environmental injection attacks, where malicious visual element...
OESA-2025-1776 python-cryptography security update
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...
OESA-2025-1775 python-cryptography security update
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...
net: tls: explicitly disallow disconnect
...
net: phy: leds: fix memory leak
...
CovertAuth: Joint Covert Communication and Authentication in MmWave Systems
Beam alignment BA is a crucial process in millimeter-wave mmWave communications, enabling precise directional transmission and efficient link establishment. However, due to characteristics like omnidirectional exposure and the broadcast nature of the BA phase, it is particularly vulnerable to...
SUSE CVE-2025-23048
In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...
SUSE CVE-2025-38302
In the Linux kernel, the following vulnerability has been resolved: block: don't use submitbionoacctnocheck in blkzonewplugbiowork Bios queued up in the zone write plug have already gone through all all preparation in the submitbio path, including the freeze protection. Submitting them through...
ALPINE-CVE-2025-23048
In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...
UBUNTU-CVE-2025-23048
In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...
UBUNTU-CVE-2025-38302
In the Linux kernel, the following vulnerability has been resolved: block: don't use submitbionoacctnocheck in blkzonewplugbiowork Bios queued up in the zone write plug have already gone through all all preparation in the submitbio path, including the freeze protection. Submitting them through...
PT-2025-29046
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7 Description: A flaw was discovered in the Linux kernel related to the MPLS Multiprotocol Label Switching implementation. Specifically, the mpls route input rcu function could be called from within an...