
3365 matches found

Mageia
added 2025/10/22 8:7 p.m., 5 views

Updated python-django packages fix a security vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVSS 9.8, AI score 8, EPSS 0.00863
Exploits 0, References 2

GithubExploit
added 2025/10/21 9:32 p.m., 359 views

Exploit for Incorrect Comparison in Dynamic-Linq Linq

🐞 CVE-2023-32571 - System.Linq.Dynamic.Core Remote Code Execut...

CVSS 9.8, AI score 10, EPSS 0.34904
Exploits 4

Packet Storm News
added 2025/10/20 12:0 a.m., 7 views

Multimodal Safety Is Asymmetric: Cross-Modal Exploits Unlock Black-Box MLLMs Jailbreaks

Multimodal large language models (MLLMs) have demonstrated significant utility across diverse real-world applications. But MLLMs remain vulnerable to jailbreaks, where adversarial inputs can collapse their safety constraints and trigger unethical responses. In this work, we investigate jailbreaks i...

AI score 7.2
Exploits 0

Packet Storm News
added 2025/10/17 12:0 a.m., 4 views

When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking

The remarkable capabilities of Large Language Models (LLMs) in natural language understanding and generation have sparked interest in their potential for cybersecurity applications, including password guessing. In this study, we conduct an empirical investigation into the efficacy of pre-trained LL...

AI score 7.1
Exploits 0

RedhatCVE
added 2025/10/15 5:44 p.m., 4 views

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 6.9, EPSS 0.00249
Exploits 0, References 1

EUVD
added 2025/10/14 10:24 p.m., 3 views

EUVD-2025-34458

Parse Javascript SDK vulnerable to prototype pollution in Parse.Object and internal APIs...

CVSS 6.4, AI score 6.4, EPSS 0.00374
Exploits 0, References 5

NVD
added 2025/10/14 8:15 p.m., 4 views

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

CVSS 6.4, EPSS 0.00374
Exploits 0, References 4

CVE
added 2025/10/14 8:6 p.m., 9 views

CVE-2025-62374

CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...

CVSS 6.4, AI score 7.2, EPSS 0.00374
Exploits 0, References 4

EUVD
added 2025/10/14 6:30 p.m., 2 views

EUVD-2025-34271

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 9.1, EPSS 0.00249
Exploits 0, References 2

EUVD
added 2025/10/14 6:30 p.m., 5 views

EUVD-2025-34369

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 9.1, EPSS 0.00344
Exploits 0, References 2

OSV
added 2025/10/14 5:16 p.m., 1 views

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 5.7, EPSS 0.00249
Exploits 0, References 1

NVD
added 2025/10/14 5:16 p.m., 4 views

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, EPSS 0.00249
Exploits 0, References 1

OSV
added 2025/10/14 5:16 p.m., 3 views

CVE-2025-59277

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 5.8, EPSS 0.00344
Exploits 0, References 1

NVD
added 2025/10/14 5:16 p.m., 2 views

CVE-2025-59275

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, EPSS 0.00249
Exploits 0, References 1

Microsoft KB
added 2025/10/14 2:0 p.m., 9 views

.NET 9.0 Update - October 14, 2025 (KB5068332)

.NET 9.0 Update - October 14, 2025 (KB5068332). .NET 9.0 has been refreshed with the latest update as of October 14, 2025. This update contains security and non-security fixes. See the release notes for details about updated packages. .NET 9.0 servicing updates are upgrades. The latest servicing upda...

CVSS 9.9, AI score 6.7, EPSS 0.66258
Exploits 5

EUVD
added 2025/10/14 12:13 p.m., 3 views

EUVD-2025-34179

A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods...

CVSS 8.7, AI score 6.2, EPSS 0.00345
Exploits 0, References 2

Positive Technologies
added 2025/10/14 12:0 a.m., 2 views

PT-2025-42140

Name of the Vulnerable Software and Affected Versions: Windows Authentication Methods (affected versions not specified). Description: An issue exists in Windows Authentication Methods where improper validation of input allows a local attacker to gain elevated privileges. Recommendations: At the moment,...

CVSS 7.8, AI score 9, EPSS 0.00344
Exploits 0, References 3

Packet Storm News
added 2025/10/13 12:0 a.m., 3 views

(Dis)Proving Spectre Security with Speculation-Passing Style

Constant-time (CT) verification tools are commonly used for detecting potential side-channel vulnerabilities in cryptographic libraries. Recently, a new class of tools, called speculative constant-time (SCT) tools, has also been used for detecting potential Spectre vulnerabilities. In many cases, the...

AI score 7.5
Exploits 0

Tenable Nessus
added 2025/10/09 12:0 a.m., 3 views

Fedora 44 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2025-6e5c27d218)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-6e5c27d218 advisory. Update to Ruby on Rails 8.0.3. Fix CVE-2025-24293: Active Storage allowed transformation methods potentially unsafe. Fix CVE-2025-55193: ANSI escape...

CVSS 9.2, AI score 8.5, EPSS 0.02078
Exploits 0, References 3

CVE
added 2025/10/08 12:49 a.m., 14 views

CVE-2025-61786

CVE-2025-61786 affects the Deno runtime: prior to versions 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync bypass the permission check when --deny-read=./ is used, allowing retrieval of file stats from files the user does not have explicit read access to. The vulne...

CVSS 3.3, AI score 6.2, EPSS 0.00178
Exploits 1, References 5, Affected Software 1