327 matches found
CVE-2025-6391
Brocade ASCG before 3.3.0 logs JSON Web Tokens JWT in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure...
CVE-2025-50097
...
CVE-2025-50092
...
CVE-2025-30752
CVE-2025-30752 affects Oracle Java SE and Oracle GraalVM for JDK 24.0.1 (Compiler component). The vulnerability allows unauthenticated network access to cause a partial denial of service (Availability impact: LOW) in Java deployments that run untrusted code in sandboxed environments. Affects clie...
CVE-2025-30746
The CVE-2025-30746 entry concerns Oracle E-Business Suite’s Oracle iStore Shopping Cart (versions 12.2.3–12.2.14). The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise iStore, requiring user interaction. Impact includes unauthorized update/insert/delete...
CVE-2025-30739
...
CVE-2025-50130
creationtimestamp| type| source ---|---|--- 2025-07-08 14:05:13+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114817991499817295...
CVE-2025-34075
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended...
CVE-2025-34075
...
CVE-2022-49998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: 1 rxrpcnewclientcall should release the socket lock when returning an error from rxrpcgetcallslot. 2 rxrpcwaitfortxwindowintr will return...
CVE-2022-49986
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQMEMRECLAIM from storvscerrorwq storvscerrorwq workqueue should not be marked as WQMEMRECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQMEMRECLAIM may...
CVE-2022-50214
In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections output connections and hold a reference to the fwnode. When a device goes away, we walk through the devices on the coresight bus and make su...
MINI-QJ29-FHJV-HW3G
Bulletin has no description...
CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
CVE-2025-4562
creationtimestamp| type| source ---|---|--- 2025-05-23 03:24:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpsokuyztf2r...
CVE-2020-15476
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpisearchoracle in lib/protocols/oracle.c...
CVE-2025-37804
No description is available for this CVE...
CVE-2022-49766
In the Linux kernel, the following vulnerability has been resolved: netlink: Bounds-check struct nlmsgerr creation In preparation for FORTIFYSOURCE doing bounds-check on memcpy, switch from nlmsgput to nlmsgput, and explain the bounds check for dealing with the memcpy across a composite flexible...
CVE-2022-49771
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first estimate the required space using the "dmtargetiteratelistversiongetneeded, " call and then will fill the space using the...
Spill the Beans: Exploiting CPU Cache Side-Channels to Leak Tokens from Large Language Models
Side-channel attacks on shared hardware resources increasingly threaten confidentiality, especially with the rise of Large Language Models LLMs. In this work, we introduce Spill The Beans, a novel application of cache side-channels to leak tokens generated by an LLM. By co-locating an attack...