CVE-2025-44033

CVE-2025-44033 affects oa_system oasys v1.1. A SQL injection flaw in AddressMapper.java (allDirector() method) allows a remote attacker to execute arbitrary code. Severity CVSS 3.1: 9.8 (CRITICAL). No publicly documented fix version is provided in the connected sources; exploit details or in‑the‑...

Hybrid Cryptographic Monitoring System for Side-Channel Attack Detection on PYNQ SoCs

AES-128 encryption is theoretically secure but vulnerable in practical deployments due to timing and fault injection attacks on embedded systems. This work presents a lightweight dual-detection framework combining statistical thresholding and machine learning ML for real-time anomaly detection. B...

CVE-2025-44033

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...

MAL-2025-41501 Malicious code in @twork-data-services/procedure-v2-execute-as-method-request (npm)

--- -= Per source details. Do not edit below this line.=-...

Linux Distros Unpatched Vulnerability : CVE-2021-33623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

Linux Distros Unpatched Vulnerability : CVE-2019-0187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-serve...

TencentOS Server 4: golang (TSSA-2025:0679)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0679 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2020-35239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks b...

Linux Distros Unpatched Vulnerability : CVE-2024-31211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is an open publishing platform for the Web. Unserialization of instances of the WPHTMLToken class allows for code execution via its destruct magic...

Linux Distros Unpatched Vulnerability : CVE-2020-5258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properti...

Linux Distros Unpatched Vulnerability : CVE-2023-23913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the...

CVE-2025-0086

Technical details such as affected products, versions, root cause, or remediation for CVE-2025-0086 are not publicly provided in the connected documents. Monitor for updates.

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Picklescan is missing detection when calling built-in python doctest.debug_script

Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.bowergithub.parallax:jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...

GHSA-8MVJ-3J78-4QMW jsPDF Denial of Service (DoS)

Impact User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...

Allocation of Resources Without Limits or Throttling

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...