Breaking the Code: Security Assessment of AI Code Agents through Systematic Jailbreaking Attacks
Code-capable large language model (LLM) agents are increasingly embedded into software engineering workflows where they can read, write, and execute code, raising the stakes of safety-bypass "jailbreak" attacks beyond text-only settings. Prior evaluations emphasize refusal or harmful-text detection...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a PM runtime leak that could lead to resource exhaustion...
OpenPLC_V3
RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
CVE-2025-10954
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". Mitigatio...
Security Bulletin: Buffer overflow, uncontrolled recursion, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to buffer overflow, uncontrolled recursion, and other. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7969 DESCRIPTION: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime ( CVE-2025-50059, CVE-2025-30761 & CVE-2025-30754 )
Summary IBM App Connect Enterprise is vulnerable to Improper Access Control and Deserialization of Untrusted Data due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ...
Improper Access Control
com.liferay, com.liferay.portal.workflow.kaleo.runtime.impl is vulnerable to Improper Access Control. The vulnerability is due to improper access through the expandoTableLocalService, which allows an attacker to gain unauthorized access to sensitive resources...
GHSA-FMJH-F678-CV3X github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...
github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...
AutoML in Cybersecurity: An Empirical Study
Automated machine learning (AutoML) has emerged as a promising paradigm for automating machine learning (ML) pipeline design, broadening AI adoption. Yet its reliability in complex domains such as cybersecurity remains underexplored. This paper systematically evaluates eight open-source AutoML...
Malicious code in com.unity.dots.runtime (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47627 Malicious code in com.unity.dots.runtime (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fastlog to steal Solana and Ethereum wallet keys from source code. The crates, named fasterlog and asyncprintln, were published by the threat actor under the alias rustguruman and...
Linux Distros Unpatched Vulnerability : CVE-2025-39868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6 ("fs/dax: ensu...
[R1] Tenable Patch Management Fixes One Vulnerability
R1 Tenable Patch Management Fixes One Vulnerability Jason Schavel Wed, 09/24/2025 - 14:46 Tenable Patch Management leverages third-party software to help provide underlying functionality. One of the third-party components JRE was found to contain a vulnerability, and an updated version has been...
icu-to-json (>=0.0.1 <=0.0.20) potentially affected by CVE-2025-57353 via @messageformat/runtime (=3.0.1)
@messageformat/runtime NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @messageformat/runtime and may be impacted: - icu-to-json >=0.0.1, <=0.0.20 Source cves: CVE-2025-57353 Source advisory: OSV:GHSA-6XV4-9CQP-92RH...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218
Summary IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50059 and CVE-2025-50106)
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability ...
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP7)
This update for the Linux Kernel 6.4.0-15070078 fixes several issues. The following security issues were fixed: CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499). CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298). Patch...
CVE-2025-57353
The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...