EUVD-2025-175979

Malicious code in testcafe-jsonp-lyra-antd npm...

EUVD-2025-179104

Malicious code in epigenetics-dynamo-jsonp-odin npm...

Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2023-5981)

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3861)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin on...

HP Integrated Lights-Out Cryptographic Issues (CVE-2016-4379)

The TLS implementation in HPE Integrated Lights-Out 3 aka iLO3 firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay attack. This plugin only...

EUVD-2025-111561

Malicious code in loopback-jest-oberon-jsonp npm...

MAL-2025-110128 Malicious code in uninterested_chipmunk_dumbs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d4e3536eca49dadfea6366a6cfa3489118635ffad21659d23e48ece2c9f880 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Exploit for User Interface (UI) Misrepresentation of Critical Information in Microsoft

CVE-2025-9491 LNK Obfuscation PoC A proof-of-concept tool for...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990526)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990526 advisory. In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tagsize is less than digest size It is possible to set u...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990248)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990248 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of BUGENTRY When CONFIGDEBUGBUGVERBOSE=n, we fail to add...

Whisper Leak: A Side-Channel Attack on Large Language Models

Large Language Models LLMs are increasingly deployed in sensitive domains including healthcare, legal services, and confidential communications, where privacy is paramount. This paper introduces Whisper Leak, a side-channel attack that infers user prompt topics from encrypted LLM traffic by...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989849)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989849 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of BUGENTRY When CONFIGDEBUGBUGVERBOSE=n, we fail to add...

CVE-2025-12464

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This...

AZL-69631 CVE-2025-12464 affecting package qemu for versions less than 8.2.0-25

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This...

SUSE CVE-2025-40078

In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which triggers: verifier bug: error during ctx access conversion 0 This is...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Sensitive Information in Resource Not Removed Before Reuse (CVE-2024-49997)

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skbputpadto to pad Ethernet frames...

CVE-2025-40035

An information disclosure flaw was found in the Linux kernel's uinput driver in the force feedback upload handling for 32-bit compatibility mode. A local user can trigger this issue by performing force feedback upload operations through the uinput device, where uninitialized padding bytes in the...

CVE-2025-40078

In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which triggers: verifier bug: error during ctx access conversion 0 This is...

AZL-68840 CVE-2025-40078 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which triggers: verifier bug: error during ctx access conversion 0 This is...

CVE-2025-40035

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...