
7491 matches found

OSV
added 2025/08/01 1:3 p.m., 3 views

OESA-2025-1948 transfig security update

The transfig utility creates a makefile which translates FIG (created by xfig) or PIC figures into a specified LaTeX graphics language (for example, PostScript™). Transfig is used to create TeX documents which are portable (i.e., they can be printed in a wide variety of environments). Security Fixes: ...

CVSS 7.8, AI score 6.7, EPSS 0.00104
Exploits: 4, References: 5

OSV
added 2025/08/01 1:3 p.m., 4 views

OESA-2025-1947 transfig security update

The transfig utility creates a makefile which translates FIG (created by xfig) or PIC figures into a specified LaTeX graphics language (for example, PostScript™). Transfig is used to create TeX documents which are portable (i.e., they can be printed in a wide variety of environments). Security Fixes: ...

CVSS 7.8, AI score 6.7, EPSS 0.00104
Exploits: 4, References: 5

GitHub Security Blog
added 2025/07/31 3:35 p.m., 5 views

@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions = 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environme...

CVSS 7, AI score 6.7, EPSS 0.01459
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2025/07/31 3:15 p.m., 3 views

CVE-2025-34146

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions = 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environme...

CVSS 7, EPSS 0.01459
Exploits: 0, References: 4

OSV
added 2025/07/29 1:38 p.m., 2 views

RLSA-2025:8060 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Out-of-bounds access when resolving Promise objects (CVE-2025-4918); firefox: Out-of-bounds access when optimizing linear sums (CVE-2025-4919). For more details about...

CVSS 8.8, AI score 7.8, EPSS 0.00994
Exploits: 1, References: 3

Packet Storm News
added 2025/07/28 12:0 a.m., 1 view

Repairing Vulnerabilities without Invisible Hands. A Differentiated Replication Study on LLMs

Background: Automated Vulnerability Repair (AVR) is a fast-growing branch of program repair. Recent studies show that large language models (LLMs) outperform traditional techniques, extending their success beyond code generation and fault detection. Hypothesis: These gains may be driven by hidden...

AI score 7.1
Exploits: 0

Positive Technologies
added 2025/07/28 12:0 a.m., 1 view

PT-2025-37196

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the mm/kmemleak component where the kmemleak do cleanup function could lead to a soft lockup. This issue was observed on x86-64 systems with 16 GB o...

CVSS 5.5, AI score 5.9, EPSS 0.00021
Exploits: 0

CNVD
added 2025/07/28 12:0 a.m., 3 views

Freescout Helper::decrypt() function deserialization vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from an application that...

CVSS 8.8, AI score 7.3, EPSS 0.06597
Exploits: 1, References: 1

Positive Technologies
added 2025/07/19 12:0 a.m., 2 views

PT-2025-97: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize altered data, create arbitrary objects and disrupt normal system operation. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 19.07.2025...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 2

OSV
added 2025/07/16 2:52 p.m., 2 views

SUSE-SU-2025:01835-2 Security update for transfig

This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a - CVE-2025-31162: Fixed a floating point exception in fig2dev in getslope function (bsc#1240380). - CVE-2025-31163: Fixed a segmentation fault in fig2dev in putpatternarc function (bsc#1240381). - CVE-2025-31164: Fixe...

CVSS 7.8, AI score 6, EPSS 0.00104
Exploits: 7, References: 17

Packet Storm News
added 2025/07/13 12:0 a.m., 2 views

AdvGrasp: Adversarial Attacks on Robotic Grasping from a Physical Perspective

Adversarial attacks on robotic grasping provide valuable insights into evaluating and improving the robustness of these systems. Unlike studies that focus solely on neural network predictions while overlooking the physical principles of grasping, this paper introduces AdvGrasp, a framework for...

AI score 6.7
Exploits: 0

Microsoft CVE
added 2025/07/11 7:0 a.m., 1 view

module: ensure that kobject_put() is safe for module type kobjects

...

CVSS 7, AI score 7.2, EPSS 0.00119
Exploits: 0

CVE
added 2025/07/11 12:0 a.m., 161 views

CVE-2025-53864

CVE-2025-53864 is described as a denial of service vulnerability in Nimbus JOSE + JWT where a deeply nested JSON object in a JWT claim set can trigger uncontrolled recursion. IBM security notices cite affected product lines and versions, for example IBM API Connect (OnPrem) v12.1.0.0 and Jazz Fou...

CVSS 5.8, AI score 6.9, EPSS 0.00143
Exploits: 0, References: 5

RedhatCVE
added 2025/07/10 7:20 p.m., 4 views

CVE-2025-27367

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved withou...

CVSS 6.5, AI score 6.8, EPSS 0.00136
Exploits: 0, References: 1

NVD
added 2025/07/08 7:15 p.m., 3 views

CVE-2025-27367

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved withou...

CVSS 6.5, EPSS 0.00136
Exploits: 0, References: 1

OSV
added 2025/07/08 7:15 p.m., 3 views

CVE-2025-27367

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved withou...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1

Vulnrichment
added 2025/07/08 6:42 p.m., 4 views

CVE-2025-27367 IBM OpenPages with Watson improper input validation

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved withou...

CVSS 5.3, AI score 6.2, EPSS 0.00136
Exploits: 0, References: 1

Cvelist
added 2025/07/08 6:42 p.m., 5 views

CVE-2025-27367 IBM OpenPages with Watson improper input validation

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved withou...

CVSS 5.3, EPSS 0.00136
Exploits: 0, References: 1

CVE
added 2025/07/08 6:42 p.m., 18 views

CVE-2025-27367

CVE-2025-27367 affects IBM OpenPages with Watson versions 8.3 through 9.0. The issue is described as improper input validation where an authenticated user can bypass client-side validation for GRC Object fields and craft a payload that allows data to be saved without required fields being stored....

CVSS 6.5, AI score 6.2, EPSS 0.00136
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/07/08 12:0 a.m., 1 view

SAP BusinessObjects Business Intelligence Platform Security Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

CVSS 4.1, AI score 6.6, EPSS 0.00136
Exploits: 0, References: 3