10267 matches found

CNNVD
added 2025/10/29 12:0 a.m. | 1 view

Keras security vulnerability

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras that stems from the StringLookup layer not properly restricting external path loading functionality when processing specially crafted .keras archives, which could lead to arbitrary loc...

CVSS 5.9 | AI score 7.4 | EPSS 0.00079
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-12058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and...

CVSS 5.9 | AI score 7.8 | EPSS 0.00079
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/10/26 7:13 p.m. | 3 views

Malicious code in paysera-loading-spinner (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d860e39a767111b60ddcd5e511c83f876e44a4ddcfe9d499c215834d9fe4fbaf Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits: 0 | References: 1

OSV
added 2025/10/26 7:13 p.m. | 3 views

MAL-2025-48751 Malicious code in paysera-loading-spinner (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d860e39a767111b60ddcd5e511c83f876e44a4ddcfe9d499c215834d9fe4fbaf Any computer that has this package installed or running should be considered...

AI score 6.8
Exploits: 0 | References: 1

OSV
added 2025/10/24 2:32 p.m. | 2 views

OESA-2025-2494 qt5-qtimageformats security update

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats. Security Fixes: When...

CVSS 5.5 | AI score 6.9 | EPSS 0.00169
Exploits: 0 | References: 2

Tenable Nessus
added 2025/10/24 12:0 a.m. | 5 views

NewStart CGSL MAIN 7.02 : pytorch Vulnerability (NS-SA-2025-0250)

The remote NewStart CGSL host, running version MAIN 7.02, has pytorch packages installed that are affected by a vulnerability: - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5...

CVSS 9.8 | AI score 8.6 | EPSS 0.0043
Exploits: 1 | References: 3

SUSE CVE
added 2025/10/22 11:24 p.m. | 2 views

SUSE CVE-2025-54470

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

CVSS 8.6 | AI score 6.6 | EPSS 0.00072
Exploits: 0 | References: 4

EUVD
added 2025/10/22 4:45 p.m. | 4 views

EUVD-2025-35596

Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization...

AI score 6.7
Exploits: 0 | References: 3

Veracode
added 2025/10/21 8:44 p.m. | 5 views

Improper Input Validation

picklescan is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the scanning logic that fails to properly inspect pickle files with PyTorch-related extensions, which allows an attacker to bypass security checks and execute malicious code when the file i...

CVSS 9.3 | AI score 7.3 | EPSS 0.00072
Exploits: 1 | References: 5 | Affected Software: 1

The Hacker News
added 2025/10/21 7:23 a.m. | 7 views

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler...

AI score 7
Exploits: 0

Securelist
added 2025/10/17 10:0 a.m. | 1 view

Post-exploitation framework now also delivered via npm

Incident description: The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October...

AI score 7.4
Exploits: 0

Veracode
added 2025/10/16 6:45 a.m. | 3 views

Improper Configuration Management

TinyEnv is vulnerable to Improper Configuration Management. The vulnerability is due to the application not requiring the .env file to exist when loading environment variables, which allows an attacker or misconfiguration to cause the application to run with insecure defaults or missing...

CVSS 7.3 | AI score 6.9 | EPSS 0.00074
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/10/13 9:31 p.m. | 0 views

EUVD-2025-34085

loading template...

AI score 6.4
Exploits: 0 | References: 1

NVD
added 2025/10/10 6:15 p.m. | 3 views

CVE-2025-23309

NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering...

CVSS 8.2 | EPSS 0.00014
Exploits: 0 | References: 3

Cvelist
added 2025/10/10 5:40 p.m. | 5 views

CVE-2025-23309

NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering...

CVSS 8.2 | EPSS 0.00014
Exploits: 0 | References: 3

CVE
added 2025/10/10 5:40 p.m. | 19 views

CVE-2025-23309

The CVE-2025-23309 entry concerns the NVIDIA Display Driver. Affected component: NVIDIA Display Driver (and Linux variant per connected records). Root cause: an uncontrolled DLL loading path could be exploited to load malicious code. Impact stated in sources includes denial of service, privilege ...

CVSS 8.2 | AI score 7.2 | EPSS 0.00014
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/10 5:40 p.m. | 2 views

CVE-2025-23309

NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering...

CVSS 8.2 | AI score 7.2 | EPSS 0.00014
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/10 11:5 a.m. | 3 views

CVE-2025-61864

A use after free vulnerability exists in VS6ComFile!loadlinkinf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end ABEND, and arbitrary code execution...

CVSS 8.4 | AI score 7.3 | EPSS 0.00018
Exploits: 0 | References: 2

Rapid7 Blog
added 2025/10/09 7:52 p.m. | 5 views

Metasploit Wrap Up 10/09/2025

Meterpreter: Kickstarting Windows ARM64 and Reducing Memory Footprint. This Metasploit-Framework release includes two important milestones for our payloads capability. The first, spearheaded by community contributor Alexander "xaitax" Hagenah, is an enhancement of our ReflectiveLoader, a crucial...

CVSS 9 | AI score 7.2 | EPSS 0.61762
Exploits: 2

The Hacker News
added 2025/10/09 5:19 p.m. | 3 views

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the message...

AI score 6.9
Exploits: 0