47 matches found
Vulnerability Identification by Harnessing Inter-Connected Multi-Source Information
The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software. However, the library vulnerabilities are usually implicitl...
OpenSCAP Libraries 1.3.14
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday,...
Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed
Summary: IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-46653...
Facebook Proxygen Security Vulnerability
Facebook Proxygen is a set of open source C++ HTTP class libraries from Facebook Inc. in the United States. A security vulnerability exists in Facebook Proxygen that stems from an infinite loop triggered when processing large requests, which could lead to memory exhaustion...
Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Data Management Console (CVE-2022-1471, CVE-2024-22259, CVE-2020-8565, CVE-2019-11250, CVE-2023-44487, CVE-2022-46175, CVE-2024-22243)
Summary: SnakeYaml Constructor Deserialization Remote Code Execution. Spring-web-6.0.11, k8s.io-client-go, k8s.io-Apimachinery-v0.25.1, json5-1.0.1, spring-web-6.0.11 open source libraries are used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the DDL component. An attacker can disrupt the availability of the service by sending crafted requests over the network with high privileges. Details: Denial of Service (DoS) describes a family of attacks, all aim...
CVE-2024-7720
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries...
CVE-2019-13538
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source...
Attestable Builds: Compiling Verifiable Binaries on Untrusted Systems Using Trusted Execution Environments
In this paper we present attestable builds, a new paradigm to provide strong source-to-binary correspondence in software artifacts. We tackle the challenge of opaque build pipelines that disconnect the trust between source code, which can be understood and audited, and the final binary artifact,...
Security Bulletin: IBM Concert Software is vulnerable to multiple issues
Summary: IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Vulnerability Details: CVEID: CVE-2018-25031. DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a...
[SECURITY] Fedora 40 Update: SimGear-2020.3.19-7.fc40
SimGear is a set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications...
CVE-2024-7720 HP Security Manager - Potential Remote Code Execution
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries...
CVE-2024-7720
HP Security Manager is potentially vulnerable to Remote Code Execution due to a code vulnerability in the product’s open-source libraries. The CVE is CVE-2024-7720; sources describe a high-severity, network-exposed issue with no authentication and no user interaction required. HP has issued a sof...
PT-2024-38533 · Hewlett Packard · Hp Security Manager
Name of the Vulnerable Software and Affected Versions: HP Security Manager (affected versions not specified). Description: The issue is related to a code vulnerability within the product's solution open-source libraries, potentially allowing Remote Code Execution. Recommendations: At the moment, the...
Number Withdrawn
ROS2 Humble Hawksbill is an open source set of software libraries and tools for ROS2. It can help build robotics applications. This CVE number has been withdrawn...