RUSTSEC-2026-0128 Double-free and use-after-free in `Keys::next()`

Keys::next uses ptr::read to move out the Option by value, which drops the contained V when V is non-Copy e.g. String. This leaves a dangling value in the map's storage slot. Subsequent get operations on that key return a dangling reference to already-freed memory. This can be triggered through...

Null-pointer dereference and double-free via safe APIs

Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...

GHSA-F5V8-V6Q3-Q4H6 Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

CVE-2025-52022

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

EUVD-2025-20928

Malicious code in bioql PyPI...

EUVD-2023-45239

Malicious code in bioql PyPI...

gnutls: Vulnerability in GnuTLS otherName SAN export

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...

Automated Testing of Broken Authentication Vulnerabilities in Web APIs with AuthREST

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and unchecked token authenticity. Empirical results show that...

CVE-2025-32988

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...

swaggerHole - A Python3 Script Searching For Secret On Swaggerhub

Introduction This tool is made to automate the process of retrieving secrets in the public APIs on swaggerHub. This tool is multithreaded and pipe mode is available : Requirements - python3 sudo apt install python3 - pip3 sudo apt install python3-pip Installation pip3 install swaggerhole or...

CVE-2023-40683

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...

CVE-2023-40683

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...

CVE-2023-40683 IBM OpenPages with Watson privilege escalation

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...

PT-2024-12905 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0 Description: The issue is caused by insufficient authorization checks, allowing a remote attacker to bypass security restrictions. By authenticating as an OpenPages user and using non-public...

Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release

It’s a new year and we have lots of fresh features for Imperva Online Fraud Prevention solution, which encompasses Advanced Bot Protection, Account Takeover Protection, and Client-Side Protection. We have been busy adding a host of new advanced fraud detection and prevention capabilities as well ...

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit...

GHSA-3JCH-9QGP-4844 Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit...

KaliIntelligenceSuite - Shall Aid In The Fast, Autonomous, Central, And Comprehensive Collection Of Intelligence By Executing Standard Penetration Testing Tools

Kali Intelligence Suite KIS shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing Kali Linux tools e.g., dnsrecon, gobuster, hydra, nmap, etc. querying publicly available APIs e.g., Censys.io, Haveibeenpwned.com, Hunter.io,...