CVE-2025-8734

GNU Bison up to 3.8.2 contains a vulnerability in function code_free (src/scan-code.c) that can cause a double free. Exploitation appears to be locally actionable; the exploit has been disclosed, but the actual existence of this issue is disputed as reproductions from a GNU Bison 3.8.2 tarball in...

BIT-MODSECURITY2-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

BIT-MODSECURITY-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

Linux Distros Unpatched Vulnerability : CVE-2024-40725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. AddType a...

AuthPrint: Fingerprinting Generative Models against Malicious Model Providers

Generative models are increasingly adopted in high-stakes domains, yet current deployments offer no mechanisms to verify the origin of model outputs. We address this gap by extending model fingerprinting techniques beyond the traditional collaborative setting to one where the model provider may a...

CVE-2025-54571

CVE-2025-54571 affects ModSecurity (WAF engine for Apache/IIS/Nginx). In versions 2.9.11 and earlier, an attacker could override the HTTP response Content-Type, enabling issues such as XSS and arbitrary script-source disclosure. The vulnerability is fixed in ModSecurity 2.9.12. Remediation: upgra...

CVE-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

Complete Evasion, Zero Modification: PDF Attacks on AI Text Detection

AI-generated text detectors have become essential tools for maintaining content authenticity, yet their robustness against evasion attacks remains questionable. We present PDFuzz, a novel attack that exploits the discrepancy between visual text layout and extraction order in PDF documents. Our...

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

macOS 14.x < 14.7.7 Multiple Vulnerabilities (124150)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.7.7. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion durin...

Missing Origin Validation In WebSockets

Next.js is vulnerable to Missing Origin Validation in WebSockets . The vulnerability is due to limited source code exposure in local development mode when the App Router is enabled, which allows an attacker to trick a user into visiting a malicious webpage while npm run dev is active, potentially...

Zeek 7.0.9

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

Wireshark Analyzer 4.4.8

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

Oracle HTTP Server (July 2025 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit this, a...

Qualcomm Trusted Application Emulation for Fuzzing Testing

In recent years, the increasing awareness of cybersecurity has led to a heightened focus on information security within hardware devices and products. Incorporating Trusted Execution Environments TEEs into product designs has become a standard practice for safeguarding sensitive user information...

CVE-2025-53630

CVE-2025-53630 affects llama.cpp (ggml/gguf.cpp) where an integer overflow in gguf_init_from_file_impl can cause a heap out-of-bounds read/write. The vulnerability impacts inference paths in llama.cpp and is fixed by commit 26a48ad699d50b6268900062661bd22f3e792579. Connected sources document the ...

EulerOS 2.0 SP10 : emacs (EulerOS-SA-2025-1771)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2025:02241-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02241-1 advisory. - CVE-2024-38477: Fixed null pointer dereference in modproxy bsc1227270. - CVE-2024-39573: Fixed source code disclosure with...

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to GIT. Visual Studi...

📄 bludit 3.16.2 Persistent Cross Site Scripting

bludit version 3.16.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS "Add Ne...