CVE-2020-26269
In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...
CVE-2019-19507
In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...
CVE-2019-9424
In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: Android. Versions: Android-10. Android ID: A-110941092...
CVE-2005-4757
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" slash servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections...
SUSE CVE-2025-37969
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo. Prevent st_lsm6dsx_read_tagged_fifo from falling into an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty...
DEBIAN-CVE-2025-37969
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo. Prevent st_lsm6dsx_read_tagged_fifo from falling into an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty...
DEBIAN-CVE-2025-37970
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo. Prevent st_lsm6dsx_read_fifo from falling into an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty...
UBUNTU-CVE-2025-37969
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo. Prevent st_lsm6dsx_read_tagged_fifo from falling into an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty...
UBUNTU-CVE-2025-37970
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo. Prevent st_lsm6dsx_read_fifo from falling into an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty...
ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
A flaw was found in Artifex Ghostscript's psi/zcolor.c component. This vulnerability allows arbitrary code execution via an unchecked implementation pointer in the Pattern color space...
Directory Traversal
Vite is vulnerable to Directory Traversal. The vulnerability is due to access control bypass due to insufficient enforcement of file access restrictions when using pattern-matching with dot-slash /. in network-exposed development servers...
Envoy security vulnerability
Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in Envoy versions prior to 1.34.1 that stems from a URI template matcher error excluding characters, which could lead to an RBAC rule bypass...
Regular Expression Denial of Service (ReDoS)
A regular expression denial of service (ReDoS) vulnerability has been identified in the Hugging Face Transformers library's weight conversion utility. The vulnerability exists in the convert_tf_weight_name_to_pt_weight_name function, which converts TensorFlow weight names to PyTorch format. Th...
Vite security vulnerability
Vite is a new front-end build tool open-sourced by Vite. A security vulnerability exists in Vite versions prior to 6.3.4, which stems from a file matching pattern bypass that could lead to information disclosure...
The Automation Advantage in AI Red Teaming
This paper analyzes Large Language Model (LLM) security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques (69.5% vs 47.6% success rate), despite...
USN-7431-2 haproxy vulnerability
USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a...
Intent-Aware Authorization for Zero Trust CI/CD
This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...
OESA-2025-1427 golang security update
Security Fixes: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied. CVE-2025-22870...