Zeek 7.0.9

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

Wireshark Analyzer 4.4.8

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

Oracle HTTP Server (July 2025 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit this, a...

Qualcomm Trusted Application Emulation for Fuzzing Testing

In recent years, the increasing awareness of cybersecurity has led to a heightened focus on information security within hardware devices and products. Incorporating Trusted Execution Environments TEEs into product designs has become a standard practice for safeguarding sensitive user information...

CVE-2025-53630

CVE-2025-53630 affects llama.cpp (ggml/gguf.cpp) where an integer overflow in gguf_init_from_file_impl can cause a heap out-of-bounds read/write. The vulnerability impacts inference paths in llama.cpp and is fixed by commit 26a48ad699d50b6268900062661bd22f3e792579. Connected sources document the ...

EulerOS 2.0 SP10 : emacs (EulerOS-SA-2025-1771)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2025:02241-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02241-1 advisory. - CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. - CVE-2024-39573: Fixed source code disclosure with...

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to GIT. Visual Studi...

📄 bludit 3.16.2 Persistent Cross Site Scripting

bludit version 3.16.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS "Add Ne...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType bsc1227271. CVE-2024-39884: Fixed source code disclosure of local content bsc1227353...

SUSE-SU-2025:02241-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. - CVE-2024-39573: Fixed source code disclosure with handlers configured via AddType bsc1227271. - CVE-2024-39884: Fixed source code disclosure of local content bsc1227353. ...

TOR Virtual Network Tunneling Tool 0.4.8.17

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

PT-2025-34347 · 'Профископ' · Codescoring

Уязвимость платформы безопасной разработки программного обеспечения CodeScoring связана с утечкой информации в сообщениях об ошибках. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию путём клонирования исходного кода...

The vulnerability of IBM Cognos Analytics, a web server for online business analytics services, allows attackers to compromise the confidentiality of protected information.

The vulnerability of the IBM Cognos Analytics online business analytics server relates to the disclosure of information through source code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality of the protected information...

HTACG HTML Tidy 安全漏洞

HTACG HTML Tidy is an open source HTML tool from HTML Tidy Advocacy Community Group. A security vulnerability exists in HTACG HTML Tidy version 5.8.0 due to a memory leak in the defaultAlloc function in the src/alloc.c file...

ETrace:Event-Driven Vulnerability Detection in Smart Contracts Via LLM-Based Trace Analysis

With the advance application of blockchain technology in various fields, ensuring the security and stability of smart contracts has emerged as a critical challenge. Current security analysis methodologies in vulnerability detection can be categorized into static analysis and dynamic analysis...

CVE-2025-49182

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application...

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

CVE-2025-49182

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application...

CVE-2025-49182

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application...