Cross-site Request Forgery (CSRF)

Overview omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. The CORS configuration allows wildcard HTTP methods and headers, leading to malicio...

From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced in code, leading to costly remediation. This work explores...

EUVD-2025-29509

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.newempty/flow.Tensor.newones/flow.Tensor.newzeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

A High-Performance Fractal Encryption Framework and Modern Innovations for Secure Image Transmission

The current digital era, driven by growing threats to data security, requires a robust image encryption technique. Classical encryption algorithms suffer from a trade-off among security, image fidelity, and computational efficiency. This paper aims to enhance the performance and efficiency of ima...

Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization

Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification...

Burp Suite 2025.12.4 Extension Advanced ReDoS Detector

This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...

Explainability Methods for Hardware Trojan Detection: A Systematic Comparison

Hardware trojan detection requires accurate identification and interpretable explanations for security engineers to validate and act on results. This work compares three explainability categories for gate-level trojan detection on the Trust-Hub benchmark: 1 domain-aware property-based analysis of...

CAFE-GB: Scalable and Stable Feature Selection for Malware Detection Via Chunk-Wise Aggregated Gradient Boosting

High-dimensional malware datasets often exhibit feature redundancy, instability, and scalability limitations, which hinder the effectiveness and interpretability of machine learning-based malware detection systems. Although feature selection is commonly employed to mitigate these issues, many...

Konica Bizhub Multifunction Printers Use of Weak Credentials (CVE-2024-51978)

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

MiracleLinux 7 : firefox-91.4.0-1.0.1.el7.AXS7 (AXSA:2021-2597:33)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2597:33 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

MiracleLinux 8 : firefox-91.4.0-1.el8.ML.1 (AXSA:2022-2971:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2971:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

Exploit for CVE-2025-60021

CVE-2025-60021 Roundup Vulnerability Summary CVE-2025-60...

Fedora: Security Advisory (FEDORA-2026-63f333201f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Predicting Tail-Risk Escalation in IDS Alert Time Series

Network defenders face a steady stream of attacks, observed as raw Intrusion Detection System IDS alerts. The sheer volume of alerts demands prioritization, typically based on high-level risk classifications. This work expands the scope of risk measurement by examining alerts not only through the...

Fedora 42 : foomuuri (2026-63f333201f)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-63f333201f advisory. Upstream update to v0.31 with fixes to CVE-2025-67603 and CVE-2025-67858. CVE-2025-67603: Add PolicyKit authorization to D-Bus methods...

MiracleLinux 4 : curl-7.19.7-37.AXS4.3 (AXSA:2014-397:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-397:01 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is...

MiracleLinux 4 : postfix-2.6.6-2.2.AXS4 (AXSA:2011-720:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-720:02 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2011-1720 The SMTP server in Postfix...

GHSA-G5GC-H5HP-555F Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State

Summary Description A Mass Assignment CWE-915 vulnerability in AdonisJS Lucid may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or...

Description of the security update for Office Online Server: January 13, 2026 (KB5002824)

Description of the security update for Office Online Server: January 13, 2026 KB5002824 Summary This security update resolves Microsoft Excel Remote Code Execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...