Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence AI inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. "These vulnerabilities all traced back to t...

CVE-2025-56558

The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...

PT-2025-44327

Name of the Vulnerable Software and Affected Versions Dyson App versions 6.1.23041-23595 Description An issue allows unauthenticated attackers to remotely control other users' Dyson IoT devices via MQTT. Recommendations At the moment, there is no information about a newer version that contains a...

Security Bulletin: IBM MQ Appliance is affected by open source vulnerabilities (CVE-2025-8058 and CVE-2025-7425)

Summary IBM MQ Appliance has addressed open source vulnerabilities. Vulnerability Details CVEID:CVE-2025-8058 DESCRIPTION: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105 Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

CVE-2025-12105 affects libsoup3 and is caused by a heap use-after-free in the asynchronous message queue handling during HTTP/2 read completion. When network operations are aborted at specific timing, a message queue item may be freed twice, enabling a remote attacker to trigger a denial-of-servi...

libsoup 资源管理错误漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A resource management error vulnerability exists in libsoup that stems from a lack of state synchronization in asynchronous message queue processing, which could lead to post-release reuse and denial of service attacks...

CVE-2025-11757 Improper Neutralization of Wildcards or Matching Symbols in CloudEdge Online Cameras and App

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key...

IBM MQ Denial of Service Vulnerability (CNVD-2026-19183)

IBM MQ is a leading enterprise-class messaging middleware designed for cross-platform asynchronous communication. It uses a queuing mechanism to ensure reliable and secure data transfer between applications and supports integration in heterogeneous environments. A denial of service vulnerability...

EUVD-2025-34796

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service...

CVE-2025-36128

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service...

CVE-2025-36128 IBM MQ denial of service

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service...

CVE-2025-36128

IBM MQ (versions 9.1, 9.2, 9.3, 9.4 LTS and 9.3/9.4 CD) is vulnerable to a denial of service caused by improper timeout enforcement on individual read operations, enabling slowloris-type attacks. A remote attacker could exhaust server resources to disrupt service. The vulnerability affects the RE...

Security Bulletin: IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service (DoS) (CVE-2025-36128)

Summary IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service DoS. Vulnerability Details CVEID:CVE-2025-36128 DESCRIPTION: IBM MQ is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type...

IBM MQ 安全漏洞

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ versions 9.1, 9.2, 9.3, 9.4 LTS, 9.3, and 9.4 CD, which ste...

PT-2025-41731

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A security flaw exists in Tomofun Furbo 360 and Furbo Mini devices. The issue involves manipulation of the file /squashfs-root/fur...

Linux Distros Unpatched Vulnerability : CVE-2025-61765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior ...

SUSE CVE-2025-61765

python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...

EUVD-2025-32549

python-socketio vulnerable to arbitrary Python code execution RCE through malicious pickle deserialization in certain multi-server deployments...