1428 matches found
CVE-2025-48073
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...
GHSA-QHPM-86V7-PHMM OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Summary: When reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. Details: In the ScanLineProcess::run_fill function, implemented in...
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
Summary: When reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. Details: In the ScanLineProcess::run_fill function, implemented in...
Important: pixman
Issue Overview: In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. (CVE-2022-44638) Affected Packages: pixman. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repositor...
Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2088 Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability July 30, 2025 CVE Number CVE-2025-55089 SUMMARY A buffer overflow vulnerability exists in the FileX RAM disk driver functionality of Eclipse ThreadX FileX git commit 1b85eb2. A specially...
CVE-2020-36850
An information disclosure vulnerability exists in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user...
UBUNTU-CVE-2025-38424
In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user...
CVE-2025-38424 perf: Fix sample vs do_exit()
In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user...
CVE-2025-38424
CVE-2025-38424 is a Linux kernel fix. The issue arose when perf sampling could access user-space state while the kernel was tearing down a process, risking a crash on ARM64 during do_exit(). The patch changes the teardown order to stop perf earlier in do_exit() and hardens PERF_SAMPLE_CALLCHAIN a...
Sitecore JSS React Sample Application Security Vulnerability
Sitecore JSS React Sample Application is a sample program from Sitecore, Inc. A security vulnerability exists in Sitecore JSS React Sample Application versions 11.0.0 through 14.0.1, which stems from an information disclosure that could result in the cross-display of user data...
CVE-2025-7787
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch...
MAL-2025-5997 Malicious code in dex-sample-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5833f372bb58f2c3d63ada7d769c410b4464de4c9a0084d3e8f8ecbee863f4f Any computer that has this package installed or running should be considered...
Malicious code in dex-sample-app (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5833f372bb58f2c3d63ada7d769c410b4464de4c9a0084d3e8f8ecbee863f4f Any computer that has this package installed or running should be considered...
Malicious code in openai-voice-agent-sdk-sample (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in sample-nuxtjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0517b841d711c41128943f51ef66b39a1841448b03eb175aec218d141d8fcdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5793 Malicious code in sample-nuxtjs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0517b841d711c41128943f51ef66b39a1841448b03eb175aec218d141d8fcdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aspnetcore-reacy-sample-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e2b1e88eb171b5da54b5badc189d571ad6cfde7115103930a103f15f067c398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
When Data-Free Knowledge Distillation Meets Non-Transferable Teacher: Escaping Out-Of-Distribution Trap Is All You Need
Data-free knowledge distillation (DFKD) transfers knowledge from a teacher to a student without access to the real in-distribution (ID) data. Its common solution is to use a generator to synthesize fake data and use them as a substitute for real ID data. However, existing works typically assume teachers...
Rectifying Privacy and Efficacy Measurements in Machine Unlearning: a New Inference Attack Perspective
Machine unlearning focuses on efficiently removing specific data from trained models, addressing privacy and compliance concerns with reasonable costs. Although exact unlearning ensures complete data removal equivalent to retraining, it is impractical for large-scale models, leading to growing...
CVE-2025-38055
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq Currently, using PEBS-via-PT with a sample frequency instead of a sample period, causes a segfault. For example: BUG: kernel NULL pointer dereference, address:...