CVE-2025-12058

The CVE describes a vulnerability in Keras Model.load_model where the StringLookup layer can load a local file or fetch remote content during model loading, enabling arbitrary local file reads and SSRF even when safe_mode=True. IBM bulletins link affected packages (keras-3.11.3 wheel; keras-2.14....

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google, Inc USA. A security vulnerability exists in Google Go, which stems from the ParseAddress function constructing a domain literal address component by repeating string concatenation...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google, Inc. A security vulnerability exists in Google Go, which stems from the Reader.ReadResponse function constructing a response string by concatenating repetitive strings, which may...

PT-2025-44268

Name of the Vulnerable Software and Affected Versions Keras affected versions not specified Description The Keras Model.load model method is susceptible to arbitrary local file loading and Server-Side Request Forgery SSRF, even when safe mode=True is enabled. This issue arises from the handling o...

Wazuh 代码问题漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A code issue vulnerability exists in Wazuh versions prior to 4.11.0 that stems from not checking if timestring is...

EUVD-2025-36498

In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs doesn't specify it explicitly, the generic implementation of the getfunctionname callback from struct pinmuxops -...

[SECURITY] Fedora 41 Update: qt5-qtbase-5.15.17-2.fc41

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVE-2025-12217

SNMP Default Community String public.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

Linux Distros Unpatched Vulnerability : CVE-2023-53729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lo...

[SECURITY] [DSA 6039-1] openjdk-25 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6039-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 26, 2025 https://www.debian.org/security/faq -...

Debian dsa-6039 : openjdk-25-dbg - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6039 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6039-1 [email protected] https://www.debian.org/securit...

CVE-2025-12217

SNMP Default Community String public.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12217

SNMP Default Community String public.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12217 SNMP Default Community String (public)

SNMP Default Community String public.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12217

The CVE-2025-12217 issue concerns the use of a default SNMP community string (public) on Azure Access Technology BLU-IC2 and BLU-IC4. Affected devices are BLU-IC2 and BLU-IC4 with firmware versions up to 1.19.5. The root cause is the default community string, enabling network access without crede...

CVE-2025-12217 SNMP Default Community String (public)

SNMP Default Community String public.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

PT-2025-43732

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The firmware uses a default SNMP community string, specifically 'public'. This allows unauthorized access to device information and potential modification of settings...

Fedora 43 : gi-docgen (2025-86cf4f2eed)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-86cf4f2eed advisory. gi-docgen 2025.5 - 2025-10-11 This is a security fix for CVE-2025-11687. The severity of this issue depends on what else is hosted on the same domain as the...

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

GHSA-Q95H-87J6-273X Liferay Portal ComboServlet denial of service via large file combination

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...