211 matches found
EUVD-2023-0383
Malicious code in bioql PyPI...
Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway
Summary Multiple vulnerabilities were addressed in IBM Aspera HTTP Gateway version 2.3.2. Vulnerability Details CVEID:CVE-2025-36274 DESCRIPTION: IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. CWE:CWE-312...
K000156606: libxml2 vulnerability CVE-2025-27113
Security Advisory Description libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. CVE-2025-27113 Impact This vulnerability allows an attacker to cause a denial-of-service DoS on the system. Security Advisory Status F5 Product Development has...
PCRE2 安全漏洞
PCRE2 is a set of C functions open-sourced by PCRE2Project. Uses the same syntax and semantics as Perl5 for regular expression pattern matching. A security vulnerability exists in PCRE2 version 10.45, which stems from the processing of scs:... and ACCEPT with a heap buffer overflow read, which...
Linux Distros Unpatched Vulnerability : CVE-2019-20454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode...
ETrace:Event-Driven Vulnerability Detection in Smart Contracts Via LLM-Based Trace Analysis
With the advance application of blockchain technology in various fields, ensuring the security and stability of smart contracts has emerged as a critical challenge. Current security analysis methodologies in vulnerability detection can be categorized into static analysis and dynamic analysis...
CVE-2021-21626
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...
Directory Traversal
Vite is vulnerable to Directory Traversal. The vulnerability is due to access control bypass due to insufficient enforcement of file access restrictions when using pattern-matching with dot-slash /. in network-exposed development servers...
The Automation Advantage in AI Red Teaming
This paper analyzes Large Language Model LLM security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques 69.5% vs 47.6% success rate, despite...
OESA-2025-1427 golang security update
. Security Fixes: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied.CVE-2025-22870...
CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
UBUNTU-CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
CLSA-2025-1741215702 libxml2: Fix of CVE-2025-27113
CVE-2025-27113: fix NULL pointer dereference in xmlPatMatch in pattern.c...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c bsc1237363. CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c bsc1237370. CVE-2025-27113: NULL pointer...
OESA-2025-1225 libxml2 security update
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
redis: Denial-of-service due to unbounded pattern matching in Redis
A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...
AlmaLinux 8 : redis:6 (ALSA-2025:0595)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0595 advisory. redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service CVE-2023-22458 redis: Integer overflow in the Redis...
redis: Denial-of-service due to unbounded pattern matching in Redis
A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...
redis: Denial-of-service due to unbounded pattern matching in Redis
A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...
Fedora 41 : valkey (2024-e717420659)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e717420659 advisory. update to 8.0.1 fixes CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service d...