BIT-LIBPYTHON-2025-8194 Tarfile infinite loop during parsing with negative member offset

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

BIT-LIBPYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

CVE-2025-46414 EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...

The vulnerability of the user blocking mechanism of the Vault Enterprise and Vault Community Edition corporate information archiving platforms allows attackers to circumvent existing security restrictions.

The vulnerability of the user blocking mechanism in the Vault Enterprise and Vault Community Edition corporate information archiving platforms is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to circumvent existing security...

Flexibits Fantastical 安全漏洞

Flexibits Fantastical is a cross-platform calendar and task manager from Flexibits, Inc. A security vulnerability exists in Flexibits Fantastical that stems from the XPC service not implementing proper client-side authorization checks, which could result in a local, unprivileged process accessing...

Linux Distros Unpatched Vulnerability : CVE-2025-50078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and...

VulnCheck KEV: CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

PT-2025-31678

Name of the Vulnerable Software and Affected Versions Vault versions prior to 1.20.1 Vault Enterprise versions prior to 1.20.1, 1.19.7, 1.18.12, and 1.16.23 Description The user lockout feature in Vault and Vault Enterprise could be bypassed for Userpass and LDAP authentication methods...

VPN use rises following Online Safety Act’s age verification controls

As the UK's Online Safety Act came into effect on Friday—along with its age verification controls—the use of virtual private network VPN services has skyrocketed by up to 20-fold across the region. Top10VPN, which monitors VPN traffic around the world, spotted UK VPN traffic spiking 1,327% on Jul...

DoS Attacks and Defense Technologies in Blockchain Systems: a Hierarchical Analysis

Blockchain technology is widely used in various fields due to its ability to provide decentralization and trustless security. This is a fundamental understanding held by many advocates, but it is misunderstood, leading participants to fail to recognize the limitations of the security that...

CVE-2025-54412

A flaw was found in skops. An inconsistency in OperatorFuncNode can hide the execution of untrusted operator methods when a specially crafted model file is loaded. This issue allows arbitrary code execution at load time...

Enhancing Jailbreak Attacks on LLMs Via Persona Prompts

Jailbreak attacks aim to exploit large language models LLMs by inducing them to generate harmful content, thereby revealing their vulnerabilities. Understanding and addressing these attacks is crucial for advancing the field of LLM safety. Previous jailbreak approaches have mainly focused on dire...

Exploit for CVE-2017-3143

Awesome Vulnerability Research 🦄 A curated list of the awesome resources about the Vulnerability Research First things first: There are no exploits in this project. Vulnerabilities != Exploits A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious abou...

Cryptographic Data Exchange for Nuclear Warheads

Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...

Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution

Summary An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...

Exploit for CVE-2025-1302

CVE-2025-1302 JSONPath-Plus RCE PoC PoC Script Name: po...

Exploit for Path Traversal in Jenkins

Jenkins CVE-2024-23897 Lab Уязвимость чтения произвольных фай...

Development of a Standardized Testing Environment for QRNGs Based on Semiconductor Laser Phase Noise

Quantum random number generators QRNGs based on semiconductor laser phase noise are an inexpensive and efficient resource for true random numbers. Commercially available technology allows for designing QRNG setups tailored to specific use cases. However, it is important to constantly monitor...

Back to Business: Lumma Stealer Returns with Stealthier Methods

Lumma Stealer has re-emerged shortly after its takedown. This time, the cybergroup behind this malware appears to be intent on employing more covert tactics while steadily expanding its reach. This article shares the latest methods used to propagate this threat...