3365 matches found
webvulnscanner
Web Vulnerability Scanner A Python-based tool designed for ethic...
PT-2025-37954
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the handling of ACPI DSD methods within the QuickI2C driver. Specifically, the ICRS and ISUB data returned by these methods include a trailin...
Spring Framework Security Vulnerability
Spring Framework is a Spring open source application development framework. A security vulnerability exists in Spring Framework that stems from an annotation detection mechanism that fails to properly parse method annotations in generic superclasses, which could lead to an incorrect authorization...
Spring Security Security Vulnerability
Spring Security is a Spring open source security framework with authentication and authorization capabilities. A security vulnerability exists in Spring Security that stems from the annotation detection mechanism not being able to correctly resolve annotations for methods in generic superclasses,...
Exploiting Timing Side-Channels in Quantum Circuits Simulation Via ML-Based Methods
As quantum computing advances, quantum circuit simulators serve as critical tools to bridge the current gap caused by limited quantum hardware availability. These simulators are typically deployed on cloud platforms, where users submit proprietary circuit designs for simulation. In this work, we...
Feature-Centric Approaches to Android Malware Analysis: a Survey
Sophisticated malware families exploit the openness of the Android platform to infiltrate IoT networks, enabling large-scale disruption, data exfiltration, and denial-of-service attacks. This systematic literature review (SLR) examines cutting-edge approaches to Android malware analysis with direct...
CVE-2025-58065
CVE-2025-58065 (Flask-AppBuilder): Prior to v4.8.1, when using non-database authentication (OAuth/LDAP, etc.), the password reset endpoint remains registered and accessible even if not shown in the UI. This can let an enabled user reset their password and obtain JWTs, potentially bypassing deact...
GHSA-765J-9R45-W2Q2 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Impact: When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...
CVE-2025-58060
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...
[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them
⚠️ One click is all it takes. An engineer spins up an "experimental" AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes. Individually, they look harmless. But together, they form an invisible swarm of Shadow A...
Description of the security update for PowerPoint 2016: September 09, 2025 (KB5002779)
Summary: This security update resolves a Microsoft PowerPoint remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-54908....
Core Spring Resilience Features: @ConcurrencyLimit, @Retryable, and RetryTemplate
This is the first blog post in the Road to GA series, highlighting major features within the Spring portfolio for the next major versions to be released in November of this year. Today we are proud to announce the new resilience features coming in Spring Framework 7.0: concurrency throttling and...
What Is Cybersecurity in Space?
Satellites, drones, and 5G space links now support critical services such as air traffic, finance, and weather. Yet most were not built to resist modern cyber threats. Ground stations can be breached, GPS jammed, and supply chains compromised, while no shared list of vulnerabilities or safe testi...
Security update for python-Django (important)
openSUSE Security Update: Security update for python-Django. Announcement ID: openSUSE-SU-2025:0335-1. Rating: important. References: 1248810. Cross-References: CVE-2025-57833. CVSS scores: CVE-2025-57833 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Affected Products: openSUSE Backports...
Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
...
False Sense of Security: Why Probing-Based Malicious Input Detection Fails to Generalize
Large Language Models (LLMs) can comply with harmful instructions, raising serious safety concerns despite their impressive capabilities. Recent work has leveraged probing-based approaches to study the separability of malicious and benign inputs in LLMs' internal representations, and researchers ha...
Between a Rock and a Hard Place: Exploiting Ethical Reasoning to Jailbreak LLMs
Large language models (LLMs) have undergone safety alignment efforts to mitigate harmful outputs. However, as LLMs become more sophisticated in reasoning, their intelligence may introduce new security risks. While traditional jailbreak attacks relied on single-step attacks, multi-turn jailbreak...
Quantum AI Algorithm Development for Enhanced Cybersecurity: a Hybrid Approach to Malware Detection
This study explores the application of quantum machine learning (QML) algorithms to enhance cybersecurity threat detection, particularly in the classification of malware and intrusion detection within high-dimensional datasets. Classical machine learning approaches encounter limitations when dealin...
E-PhishGen: Unlocking Novel Research in Phishing Email Detection
Every day, our inboxes are flooded with unsolicited emails, ranging between annoying spam to more subtle phishing scams. Unfortunately, despite abundant prior efforts proposing solutions achieving near-perfect accuracy, the reality is that countering malicious emails still remains an unsolved...
Linux Distros Unpatched Vulnerability : CVE-2021-3405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml...