216 matches found
Astra Linux - vulnerability in Firefox
The developer’s page for about:memory includes a Measure function for exploring which object types the browser has allocated and their sizes. When this function was invoked, we incorrectly called the sizeof function instead of using the API method that checks for invalid pointers. This...
CVE-2026-43476 iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas(). sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer element type...
Malicious code in sketch-measure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c54126529b9da791496e58ec744f6b7fe4fe769258480802eb5a3dcbc017d0d8 The package sketch-measure was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1096 Malicious code in sketch-measure (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c54126529b9da791496e58ec744f6b7fe4fe769258480802eb5a3dcbc017d0d8 The package sketch-measure was found to contain malicious code. Source: ossf-package-analysis...
An Empirical Study of the Imbalance Issue in Software Vulnerability Detection
Vulnerability detection is crucial to protect software security. Nowadays, deep learning (DL) is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within extensive code volumes. Despite its promise, DL-based...
CVE-2025-15535
A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...
CVE-2025-15535
CVE-2025-15535 affects nicbarker clay up to 0.14, specifically the Clay__MeasureTextCached function in clay.h. The vulnerability is a null pointer dereference that can be triggered locally, with exploitation details published publicly. Various sources (NVD, Red Hat, CIRCL, CVE lists) concur on th...
CVE-2025-15535 nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference
A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be used...
PT-2026-3383
A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be use...
Predicting Tail-Risk Escalation in IDS Alert Time Series
Network defenders face a steady stream of attacks, observed as raw Intrusion Detection System (IDS) alerts. The sheer volume of alerts demands prioritization, typically based on high-level risk classifications. This work expands the scope of risk measurement by examining alerts not only through the...
CVE-2020-12707
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...
CVE-2020-12438
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...
CLSA-2025-1763122640 edk2: Fix of 3 CVEs
CVE-2022-36763: fix heap buffer overflow in TPM2 measure boot library when processing GPT partition tables - CVE-2022-36764: fix heap buffer overflow in TPM measure boot library when calculating PE image event size - CVE-2022-36765: fix integer overflow in CreateHob function that could lead to...
AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI
This paper introduces the Agentic AI Governance Assurance & Trust Engine (AAGATE), a Kubernetes-native control plane designed to address the unique security and governance challenges posed by autonomous, language-model-driven agents in production. Recognizing the limitations of traditional...
Intermittent File Encryption in Ransomware: Measurement, Modeling, and Detection
File encrypting ransomware increasingly employs intermittent encryption techniques, encrypting only parts of files to evade classical detection methods. These strategies, exemplified by ransomware families like BlackCat, complicate file structure based detection techniques due to diverse file...
ai.catboost:catboost-spark_3.5_2.13 (>=1.2.3 <=1.2.10), ch.cern.sparkmeasure:spark-measure_2.13 (=0.24) +133 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.5.0 <=3.5.1)
org.apache.spark:spark-network-common_2.13 MAVEN version =3.5.0, =1.2.3, =4.43.0, =3.5.0, =3.5.00.20.1, =3.5.0, =2.0.4, =2.1.6-spark-3.5.1, =2.1.6-spark-3.5.1, =1.1.1, =1.1.3 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...
ai.catboost:catboost-spark_3.5_2.13 (>=1.2.3 <=1.2.10), ch.cern.sparkmeasure:spark-measure_2.13 (=0.24) +133 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.5.0 <=3.5.1)
org.apache.spark:spark-network-common_2.13 MAVEN version =3.5.0, =1.2.3, =4.43.0, =3.5.0, =3.5.00.20.1, =3.5.0, =2.0.4, =2.1.6-spark-3.5.1, =2.1.6-spark-3.5.1, =1.1.1, =1.1.3 and more Source cves: CVE-2025-55039 Source advisory: SNYK:JAVA-ORGAPACHESPARK-13553869...
EUVD-1999-0531
Malware in sbrugna...