3193 matches found
CVE-2025-54850
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...
openSUSE 16 Security Update : tomcat11 (openSUSE-SU-2025-20106-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20106-1 advisory. Update to Tomcat 11.0.13: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. -...
EUVD-2025-200032
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this...
CVE-2025-54848
CVE-2025-54848 affects Socomec DIRIS Digiware M-70 1.6.9, where Modbus TCP/Modbus RTU over TCP can be abused by unauthenticated Modbus TCP messages to trigger a denial-of-service. TALOS details a specific sequence of Write Single Register (code 6) messages on port 502 that changes the gateway Mod...
OPENSUSE-SU-2025:20106-1 Security update for tomcat11
This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomc...
USN-7894-1: EDK II vulnerabilities
It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-45236, CVE-2023-45237) It was discovered that EDK II...
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaign leverages fake adult websites xHamster,...
CLSA-2025-1764062286 edk2: Fix of 2 CVEs
CVE-2023-45236: fix TCP Initial Sequence Number generation in NetworkPkg to prevent predictable sequence numbers - CVE-2023-45237: fix weak pseudo-random number generator in NetworkPkg to prevent predictable TCP sequence numbers...
Updated ruby-rack packages fix security vulnerabilities
Possible Log Injection in Rack::CommonLogger. (CVE-2025-25184) Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection. (CVE-2025-27111) Local File Inclusion in Rack::Static. (CVE-2025-27610)...
MGASA-2025-0311 Updated ruby-rack packages fix security vulnerabilities
Possible Log Injection in Rack::CommonLogger. (CVE-2025-25184) Escape Sequence Injection vulnerability in Rack leads to Possible Log Injection. (CVE-2025-27111) Local File Inclusion in Rack::Static. (CVE-2025-27610)...
Malicious code in @posthog/event-sequence-timer-plugin (npm)
Source: amazon-inspector (db26ed26bc40e436602c36fa1c507d324e650f5aeba5a15875e59daadc8a5a14) The package @posthog/event-sequence-timer-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198948
Malicious code in @posthog/event-sequence-timer-plugin npm...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905 CVE-2025-61795: Fixed denial of...
SUSE-SU-2025:4184-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905 - CVE-2025-61795: Fixed denial o...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905...
SUSE-SU-2025:4159-1 Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905 -...
Steering in the Shadows: Causal Amplification for Activation Space Attacks in Large Language Models
Modern large language models (LLMs) are typically secured by auditing data, prompts, and refusal policies, while treating the forward pass as an implementation detail. We show that intermediate activations in decoder-only LLMs form a vulnerable attack surface for behavioral control. Building on...
EUVD-2025-198081
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...
CVE-2025-61661
CVE-2025-61661 affects the GRUB2 bootloader. The vulnerability stems from the USB string conversion handling, allowing a local attacker with a malicious USB device connected during boot to trigger inconsistent length values, potentially crashing GRUB (DoS) and possibly causing data corruption (im...