79 matches found

Packet Storm News
added 2026/03/31 12:0 a.m. · 0 views

Efficient Software Vulnerability Detection Using Transformer-Based Models

Detecting software vulnerabilities is critical to ensuring the security and reliability of modern computer systems. Deep neural networks have shown promising results on vulnerability detection, but they lack the capability to capture global contextual information on vulnerable code. To address th...

6 AI score
Exploits 0

RedhatCVE
added 2025/12/12 10:17 p.m. · 1 view

CVE-2024-58293

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

8.6 CVSS · 7.4 AI score · 0.00055 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-4356

Malware in sbrugna...

9.8 CVSS · 9.4 AI score · 0.00389 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-30283

Malicious code in bioql PyPI...

7.8 CVSS · 7.7 AI score · 0.00055 EPSS
Exploits 0 · References 1

Packet Storm News
added 2025/07/17 12:0 a.m. · 4 views

Architectural Backdoors in Deep Learning: a Survey of Vulnerabilities, Detection, and Defense

Architectural backdoors pose an under-examined but critical threat to deep neural networks, embedding malicious logic directly into a model's computational graph. Unlike traditional data poisoning or parameter manipulation, architectural backdoors evade standard mitigation techniques and persist...

7.1 AI score
Exploits 0

Positive Technologies
added 2025/06/01 12:0 a.m. · 4 views

PT-2025-23431 · Unknown · Chaitak-Gorai Blogbook

Name of the Vulnerable Software and Affected Versions: chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 Description: A vulnerability was found in chaitak-gorai Blogbook, affecting unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of...

5.3 CVSS · 4.6 AI score · 0.00747 EPSS
Exploits 1 · References 9

RedhatCVE
added 2025/05/22 7:19 p.m. · 4 views

CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...

4.3 CVSS · 6.1 AI score · 0.00186 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/08/10 5:44 p.m. · 25 views

CVE-2024-21879 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability through a URL parameter of an authenticated endpoint in Enphase IQ Gateway formerly known as Envoy allows OS Command Injection. This issue affects Envoy: from 4.x to 8.x and 8.2.4225...

8.7 CVSS · 6.7 AI score · 0.03104 EPSS
Exploits 0 · References 3

CVE
added 2024/08/10 5:44 p.m. · 62 views

CVE-2024-21880

The CVE-2024-21880 issue affects Enphase IQ Gateway (4.x–7.x). It is an OS command injection via the url parameter of an authenticated endpoint, caused by improper neutralization of special elements. The connected PT security entry (PT-2024-19111) provides remediation guidance: update Enphase IQ ...

8.6 CVSS · 6.6 AI score · 0.01231 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/07/29 3:52 p.m. · 20 views

CVE-2024-42077 ocfs2: fix DIO failure due to insufficient transaction credits

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write estimates number of necessary transaction credits using ocfs2_calc_extend_credits. This however does not take into account that the IO cou...

0.00022 EPSS
Exploits 0 · References 6

Vulnrichment
added 2024/07/29 3:52 p.m. · 17 views

CVE-2024-42077 ocfs2: fix DIO failure due to insufficient transaction credits

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write estimates number of necessary transaction credits using ocfs2_calc_extend_credits. This however does not take into account that the IO cou...

6.9 AI score · 0.00022 EPSS
Exploits 0 · References 6

NVD
added 2024/07/15 7:15 p.m. · 12 views

CVE-2024-37386

An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...

4.2 CVSS · 0.00044 EPSS
Exploits 0 · References 1

Cvelist
added 2024/07/15 12:0 a.m. · 15 views

CVE-2024-37386

An issue was discovered in Stormshield Network Security SNS 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2...

0.00044 EPSS
Exploits 0 · References 1

Securelist
added 2023/06/05 10:0 a.m. · 26 views

Satacom delivers browser extension that steals cryptocurrency

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...

7.4 AI score
Exploits 0

Schneier on Security
added 2023/05/25 11:5 a.m. · 13 views

On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs--ChatGPT in particular: Given that we've known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it's entirely possible that bad actors have been poisoning ChatGPT for months. We don't know...

7 AI score
Exploits 0

FreeBSD
added 2023/05/19 12:0 a.m. · 9 views

zeek -- potential DoS vulnerabilities

Tim Wojtulewicz of Corelight reports: A specially-crafted series of FTP packets with a CMD command with a large path followed by a very large number of replies could cause Zeek to spend a long time processing the data. A specially-crafted with a truncated header can cause Zeek to overflow memory...

7.2 AI score
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 4:52 a.m. · 1 view

SUSE CVE-2017-3081

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution...

10 CVSS · 7.9 AI score · 0.01488 EPSS
Exploits 0 · References 3

Veracode
added 2022/08/12 7:2 p.m. · 33 views

Out-of-bounds Write

vim is vulnerable to out-of-bounds write. The vulnerability exists due to invalid memory access after diff buffer manipulations in diff_mark_adjust_tp function in diff.c...

7.8 CVSS · 7.6 AI score · 0.00129 EPSS
Exploits 1 · References 9 · Affected Software 1

NVD
added 2022/03/04 5:15 p.m. · 6 views

CVE-2022-25623

The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations...

7.8 CVSS · 0.00055 EPSS
Exploits 0 · References 1

Prion
added 2022/03/04 5:15 p.m. · 8 views

Privilege escalation

The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations...

7.2 CVSS · 7.7 AI score · 0.00055 EPSS
Exploits 0 · References 1 · Affected Software 1