18887 matches found

OSV
added 2025/10/21 8:20 p.m., views: 0

CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

CVSS: 7.5, AI score: 5.9
Exploits: 0, References: 2

Veracode
added 2025/10/21 8:15 p.m., views: 5

Protection Mechanism Failure

picklescan is vulnerable to Protection Mechanism Failure. The vulnerability is due to improper error handling in the ZIP archive scanning component when processing files with a bad Cyclic Redundancy Check (CRC), which allows an attacker to craft a malicious ZIP archive that halts the scan and...

CVSS: 9.8, AI score: 6.9, EPSS: 0.01284
Exploits: 1, References: 7, Affected Software: 1

AlpineLinux
added 2025/10/21 8:3 p.m., views: 1

CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00049
Exploits: 0

CNVD
added 2025/10/21 12:0 a.m., views: 4

IBM Standards Processing Engine Deserialization Vulnerability

IBM Standards Processing Engine IBM Transformation Extender Advanced is a document conversion software from International Business Machines (IBM), used to automatically convert and validate large amounts of data. IBM Standards Processing Engine suffers from a deserialization vulnerability that stem...

CVSS: 9.8, AI score: 6.9, EPSS: 0.01497
Exploits: 0, References: 1

Tenable Nessus
added 2025/10/21 12:0 a.m., views: 3

Amazon Corretto Java 17.x < 17.0.17.10.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is 17 prior to 17.0.17.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2025-Oct-21 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00068
Exploits: 0, References: 2

Packet Storm News
added 2025/10/21 12:0 a.m., views: 10

CLASP: Cost-Optimized LLM-Based Agentic System for Phishing Detection

Phishing websites remain a significant cybersecurity threat, necessitating accurate and cost-effective detection mechanisms. In this paper, we present CLASP, a novel system that effectively identifies phishing websites by leveraging multiple intelligent agents, built using large language models...

AI score: 6.8
Exploits: 0

CNNVD
added 2025/10/21 12:0 a.m., views: 1

sharp Security Vulnerability

sharp is a lovell personal developer for converting large images in common formats to smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images of different sizes. A security vulnerability exists in sharp v9.6.6, which originates in src/Form/Fields/SharpFormUploadField.php and is susceptible to...

CVSS: 6.1, AI score: 5.9, EPSS: 0.0003
Exploits: 0, References: 5

Tenable Nessus
added 2025/10/21 12:0 a.m., views: 3

Amazon Corretto Java 11.x < 11.0.29.7.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is 11 prior to 11.0.29.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2025-Oct-21 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00068
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/21 12:0 a.m., views: 0

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987530)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987530 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF Hung task call trace was seen...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00029
Exploits: 0, References: 4

RedhatCVE
added 2025/10/20 4:29 p.m., views: 3

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS: 9.3, AI score: 6.7, EPSS: 0.00254
Exploits: 0, References: 1

Schneier on Security
added 2025/10/20 11:0 a.m., views: 6

Agentic AI’s OODA Loop Problem

The OODA loop -- for observe, orient, decide, act -- is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make their decisions with untrustworthy observations and orientation. To solve this problem, we need...

AI score: 7.9
Exploits: 0

Positive Technologies
added 2025/10/20 12:0 a.m., views: 5

PT-2025-46530

Name of the Vulnerable Software and Affected Versions: libvirt (affected versions not specified). Description: A flaw exists in libvirt related to XML file processing. Specifically, user-provided XML files are parsed before Access Control List (ACL) checks. A malicious user with limited permissions coul...

CVSS: 6.2, AI score: 8.9, EPSS: 0.00626
Exploits: 0, References: 36

VulnCheck KEV
added 2025/10/20 12:0 a.m., views: 4

VulnCheck KEV: CVE-2022-48503

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00155
In wild, Exploits: 0, References: 4

OSV
added 2025/10/19 7:8 p.m., views: 3

JLSEC-2025-150 A vulnerability was found in FFmpeg up to 7.1

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...

CVSS: 5.5, AI score: 6, EPSS: 0.00029
Exploits: 1, References: 7

OSV
added 2025/10/19 7:8 p.m., views: 2

JLSEC-2025-133 A vulnerability was found in FFmpeg up to 7.0.1

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t...

CVSS: 8.8, AI score: 7.6, EPSS: 0.00122
Exploits: 0, References: 6

RedhatCVE
added 2025/10/18 5:45 a.m., views: 4

CVE-2025-55092

In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process when processing an IPv4 packet with the timestamp option...

CVSS: 6.9, AI score: 6.8, EPSS: 0.0004
Exploits: 0, References: 1

Packet Storm News
added 2025/10/18 12:0 a.m., views: 3

Structuring Security: A Survey of Cybersecurity Ontologies, Semantic Log Processing, and LLMs Application

This survey investigates how ontologies, semantic log processing, and Large Language Models (LLMs) enhance cybersecurity. Ontologies structure domain knowledge, enabling interoperability, data integration, and advanced threat analysis. Security logs, though critical, are often unstructured and...

AI score: 6.8
Exploits: 0

OSV
added 2025/10/17 5:40 p.m., views: 3

JLSEC-2025-74 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes...

CVSS: 7.5, AI score: 7, EPSS: 0.00074
Exploits: 0, References: 19

Snyk
added 2025/10/17 4:43 p.m., views: 1

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the processing of malicious JSON payloads in the request handling process. An attacker can exhaust system memory and CPU resources by sending specially crafted JSON objects that, when deserialized, consume...

CVSS: 8.7, AI score: 7, EPSS: 0.0016
Exploits: 0, References: 2

NCSC
added 2025/10/17 8:4 a.m., views: 6

Vulnerabilities fixed in SAP Products

SAP has fixed vulnerabilities in several SAP products. The vulnerabilities include a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary OS commands, and a CSRF vulnerability that allows authenticated attackers to bypass critical authorization controls. In...

CVSS: 10, AI score: 7.8, EPSS: 0.00573
Exploits: 1