
78 matches found

UbuntuCve
added 2025/08/22 4:15 p.m., 0 views

CVE-2025-38650

In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------ cut here ------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x700/0xad0 Call...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00018
Exploits: 0, References: 39
RedhatCVE
added 2025/07/19 7:51 p.m., 9 views

CVE-2024-42209

HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data...

CVSS: 3.5, AI score: 6.5, EPSS: 0.00164
Exploits: 0, References: 1
CNNVD
added 2025/07/17 12:0 a.m., 3 views

HCL Connections Security Vulnerability

HCL Connections is a suite of enterprise collaboration platforms from HCL India. A security vulnerability exists in HCL Connections that stems from improper handling of request data, which could lead to access to unauthorized sensitive information...

CVSS: 3.5, AI score: 6.5, EPSS: 0.00164
Exploits: 0, References: 1
Packet Storm News
added 2025/07/14 12:0 a.m., 2 views

OpenBlow Missing Headers

Multiple public deployments of the OpenBlow whistleblowing software lack critical HTTP security headers. These configurations expose users to client-side vulnerabilities including cross site scripting, clickjacking, API misuse, and referer leakage. Given the extreme sensitivity of users...

AI score: 6.8
Exploits: 0
RedHat Linux
added 2025/06/26 12:12 p.m., 3 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

CVSS: 7.5, AI score: 7, EPSS: 0.00366
Exploits: 0, References: 7
SUSE Linux
added 2025/06/19 3:16 p.m., 2 views

Security update for perl

This update for perl fixes the following issues: CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS: 6.2, AI score: 6.6, EPSS: 0.00031
Exploits: 0, References: 4
Packet Storm News
added 2025/06/17 12:0 a.m., 0 views

Technical Options for Flexible Hardware-Enabled Guarantees

Frontier AI models pose increasing risks to public safety and international security, creating a pressing need for AI developers to provide credible guarantees about their development activities without compromising proprietary information. We propose Flexible Hardware-Enabled Guarantees (flexHEG),...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/06/13 12:0 a.m., 1 views

Disclosure Audits for LLM Agents

Large Language Model agents have begun to appear as personal assistants, customer service bots, and clinical aides. While these applications deliver substantial operational benefits, they also require continuous access to sensitive data, which increases the likelihood of unauthorized disclosures...

AI score: 7.2
Exploits: 0
RedhatCVE
added 2025/05/22 9:34 a.m., 6 views

CVE-2015-1313

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00002
Exploits: 1, References: 1
OSV
added 2025/05/08 6:15 p.m., 2 views

DEBIAN-CVE-2024-13009

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00554
Exploits: 0, References: 1
OpenVAS
added 2025/05/07 12:0 a.m., 2 views

Configure the SELinux Policy Correctly

SELinux policies are classified into basic policies and user-defined policies. Basic policies: policies defined in the basic policy package, including selinux-policy, selinux-policy-targeted, and selinux-policy-mls. User-defined policies: policies modified or added by users. SELinux can implement...

AI score: 6.8
Exploits: 0, References: 2
Packet Storm News
added 2025/05/06 12:0 a.m., 2 views

Publicly Verifiable Secret Sharing: Generic Constructions and Lattice-Based Instantiations in the Standard Model

Publicly verifiable secret sharing (PVSS) allows a dealer to share a secret among a set of shareholders so that the secret can be reconstructed later from any set of qualified participants. In addition, any public verifier should be able to check the correctness of the sharing and reconstruction...

AI score: 6.8
Exploits: 0
GithubExploit
added 2025/04/09 3:20 p.m., 84 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Proof-of-Concept Standalone This repository...

CVSS: 9.8, AI score: 7.8, EPSS: 0.9413
Exploits: 45
OSV
added 2025/04/04 6:15 a.m., 5 views

CVE-2024-42208

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

CVSS: 3.5, AI score: 5.8
Exploits: 0, References: 1
CNNVD
added 2025/04/04 12:0 a.m., 2 views

HCL Connections Security Vulnerability

HCL Connections is a suite of enterprise collaboration platforms from HCL India. HCL Connections has a security vulnerability that stems from mishandling of request data, which could lead to information leakage...

CVSS: 3.5, AI score: 6.5, EPSS: 0.00322
Exploits: 0, References: 1
CVE
added 2025/02/12 1:47 p.m., 49 views

CVE-2024-23563

CVE-2024-23563 affects HCL Connections Docs. The issue is a sensitive information disclosure caused by improper handling of request data, allowing an attacker to access information they should not be entitled to. Connected sources corroborate the vulnerability and describe the root cause as misha...

CVSS: 4.4, AI score: 6.3, EPSS: 0.00082
Exploits: 0, References: 1, Affected Software: 1
Broadcom
added 2024/11/02 12:0 a.m., 9 views

Apache Tomcat - information disclosure (CVE-2023-42795)

When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00692
Exploits: 1
NVD
added 2024/10/28 10:15 p.m., 13 views

CVE-2024-30106

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

CVSS: 4.3, EPSS: 0.00494
Exploits: 0, References: 1
Cvelist
added 2024/10/28 9:35 p.m., 18 views

CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

CVSS: 3.5, EPSS: 0.00494
Exploits: 0, References: 1
Vulnrichment
added 2024/10/28 9:35 p.m., 9 views

CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

CVSS: 3.5, AI score: 6.1, EPSS: 0.00494
Exploits: 0, References: 1