75 matches found
EUVD-2018-10347
Malware in sbrugna...
EUVD-2023-0277
Malicious code in bioql PyPI...
EUVD-2023-44068
Malicious code in bioql PyPI...
EUVD-2022-52770
Malicious code in bioql PyPI...
All You Need Is a Fuzzing Brain: an LLM-Powered System for Automated Vulnerability Detection and Patching
Our team, All You Need Is A Fuzzing Brain, was one of seven finalists in DARPA's Artificial Intelligence Cyber Challenge (AIxCC), placing fourth in the final round. During the competition, we developed a Cyber Reasoning System (CRS) that autonomously discovered 28 security vulnerabilities - including...
Linux Distros Unpatched Vulnerability : CVE-2025-37951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so,...
Qualcomm WLAN Software Vulnerability - Lenovo Support US
No description provided...
PT-2025-27906 · Liquidthemes · Logisticshub
Name of the Vulnerable Software and Affected Versions: LiquidThemes LogisticsHub versions 1.1.6 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to significant security...
CVE-2025-48381 CVAT has information disclosure via browsable API
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality...
CVE-2025-48475 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...
CVE-2023-3295
The Unlimited Elements For Elementor Free Widgets, Addons, Templates for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66. This makes it possible for authenticated attackers,...
CVE-2021-37684
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
PT-2025-18252 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users. Recommendations: At...
CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
CVE-2025-32780 BleachBit for Windows Has DLL Untrusted Path Vulnerability
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\AppData\Local\Microsoft\WindowsApps, an attacker can execute...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy denial of service vulnerability (CVE-2024-45810).
Summary: A potential Envoy denial of service vulnerability, CVE-2024-45810, has been identified that affects IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2024-45810 DESCRIPTION: Envoy is vulnerable to ...
PT-2025-25406 · Blink · Bl-Lte300 +7
Name of the Vulnerable Software and Affected Versions: Blink routers BL-WR9000 version 2.4.9 Blink routers BL-AC2100 AZ3 version 1.0.4 Blink routers BL-X10 AC8 version 1.0.5 Blink routers BL-LTE300 version 1.2.3 Blink routers BL-F1200 AT1 version 1.0.0 Blink routers BL-X26 AC8 version 1.2.8 Blink...
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching...
CVE-2025-29927 Authorization Bypass in Next.js Middleware
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to ...