CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...

Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT , a tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly...

One Video to Steal Them All: 3D-Printing IP Theft through Optical Side-Channels

The 3D printing industry is rapidly growing and increasingly adopted across various sectors including manufacturing, healthcare, and defense. However, the operational setup often involves hazardous environments, necessitating remote monitoring through cameras and other sensors, which opens the do...

📄 Mouselink 5.0.1 Remote Code Execution

Mouselink version 5.0.1 allows unauthenticated remote attackers to execute arbitrary commands by abusing an exposed login endpoint and insecure WebSocket-based keyboard simulation. With no password per default, an attacker can obtain a JWT token, open a WebSocket session, and simulate keystrokes ...

📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Code Execution

VLC Mobile Remote for Windows version 1.3.9.3 allows remote code execution via unauthenticated keystroke injection over TCP, enabling command execution and reverse shell delivery. This is a second version of the original exploit by the same author. Exploit Title: VLC Mobile Remote VMR for Windows...

Exploit for Command Injection in Tp-Link Tl-Wr940N_Firmware

Python Exploit for TP-Link TL-WR940N/TL-WR841N Command Injecti...

IDOL: Improved Different Optimization Levels Testing for Solidity Compilers

As blockchain technology continues to evolve and mature, smart contracts have become a key driving force behind the digitization and automation of transactions. Smart contracts greatly simplify and refine the traditional business transaction processes, and thus have had a profound impact on vario...

Don't Throw the Baby out with the Bathwater: How and Why Deep Learning for ARC

The Abstraction and Reasoning Corpus ARC-AGI presents a formidable challenge for AI systems. Despite the typically low performance on ARC, the deep learning paradigm remains the most effective known strategy for generating skillful state-of-the-art neural networks NN across varied modalities and...

Security update for python39

This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

SUSE CVE-2025-38015

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxdalloc Memory allocated for idxd is not freed if an error occurs during idxdalloc. To fix it, free the allocated memory in the reverse order of allocation before exiti...

Moderate: Red Hat Security Advisory: golang-github-openprinting-ipp-usb security update

An update for golang-github-openprinting-ipp-usb is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

RHEL 10 : golang-github-openprinting-ipp-usb (RHSA-2025:9156)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9156 advisory. HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protoco...

ALSA-2025:9156 Moderate: golang-github-openprinting-ipp-usb security update

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the securi...

Astra Linux - уязвимость в python-h11

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

TencentOS Server 3: mod_auth_mellon (TSSA-2022:0100)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0100 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Fedora 42 : python-pydantic-core / rust-adblock / rust-cookie_store / etc (2025-04847cb65d)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-04847cb65d advisory. Update uv to 0.6.14, with various bugfixes and new features. Update rust-idna to 1.0.3 fixing RUSTSEC-2024-0421, rust-url to 2.5.4, rust- adblock to 0.9.6, a...

A New Representation of Binary Sequences by Means of Boolean Functions

Boolean functions and binary sequences are main tools used in cryptography. In this work, we introduce a new bijection between the set of Boolean functions and the set of binary sequences with period a power of two. We establish a connection between them which allows us to study some properties o...

IBM Application Gateway Incorrect Privilege Assignment Vulnerability

IBM Application Gateway is an application gateway from International Business Machines IBM, Inc. provides a containerized, secure Web reverse proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to your application. An incorrect...

OS Command Exec, Unix Command Shell, Reverse TCP (via Ksh)

Execute an OS command from PHP. Connect back and create a command shell via Ksh. Note: Although Ksh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/reverseksh msf payloadreverseksh show actions ...actions... msf...

OS Command Exec, Unix Command Shell, Reverse TCP (via netcat -e)

Execute an OS command from PHP. Creates an interactive shell via netcat Module Options msf use payload/php/unix/cmd/reversenetcatgaping msf payloadreversenetcatgaping show actions ...actions... msf payloadreversenetcatgaping set ACTION msf payloadreversenetcatgaping show options ...show and set...