Svelte 跨站脚本漏洞

Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.51.5 contained a cross-site scripting vulnerability. This vulnerability occurred when extended syntax was used during server-side rendering, and event handler properties were included...

Detecting PowerShell-Based Fileless Cryptojacking Attacks Using Machine Learning

With the emergence of remote code execution RCE vulnerabilities in ubiquitous libraries and advanced social engineering techniques, threat actors have started conducting widespread fileless cryptojacking attacks. These attacks have become effective with stealthy techniques based on PowerShell-bas...

Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spread syntax when rendering attributes from untrusted data during server-side rendering. An attacker can execute arbitrary JavaScript i...

OpenSSL Stack buffer overflow in CMS AuthEnvelopedData parsing

Brocade Security has become aware of a stack buffer overflow that could lead to a crash, causing Denial of Service, or potentially remote code execution. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an...

Regular Expression Denial of Service (ReDoS)

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the AST class, caused by catastrophic backtracking when an input string contains many characters in a row, followed by an unmatched character. Detail...

PT-2026-21300

Name of the Vulnerable Software and Affected Versions @langchain/langgraph-checkpoint-redis versions prior to 1.0.2 Description A query injection issue exists in the RedisSaver and ShallowRedisSaver classes of the @langchain/langgraph-checkpoint-redis package. These classes build RediSearch queri...

OpenSSL 3.x Realistic ASN.1 / PKCS#12 Denial of Service Tool

This proof of concept builds structurally correct ASN.1 DER / PKCS12 files designed to stress-test OpenSSL's parser and memory handling. It focuses on non-exploitative impacts such as denial of service, excessive memory consumption, deep recursion, malformed lengths, and duplicated/overlapping...

[SECURITY] Fedora 42 Update: rust-num-conv-0.2.0-1.fc42

numconv is a crate to convert between integer types without using as casts. This provides better certainty when refactoring, makes the exact behavior of code more explicit, and allows using turbofish syntax...

[SECURITY] Fedora 42 Update: rust-git-delta-0.18.2-13.fc42

A syntax-highlighting pager for git...

motionEye 0.43.1b4 Remote Code Execution

Client-side validation in motionEye's web UI can be bypassed via overriding the JS validation function. Arbitrary values including shell interpolation syntax can be saved into the motion config. When motion is restarted, the motion process interprets the config and can execute shell syntax embedd...

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

[SECURITY] Fedora 43 Update: rust-git-delta-0.18.2-13.fc43

A syntax-highlighting pager for git...

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

CLSA-2026-1770668132 openssl: Fix of 2 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes...

CLSA-2026-1770667352 openssl: Fix of 3 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes - CVE-2025-15468: add a NULL guard before...

CVE-2026-25533

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

EUVD-2026-5565

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

OESA-2026-1310 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

llama.cpp 安全漏洞

Llama.cpp is a multimodal model developed by Georgi Gerganov. Versions of Llama.cpp with the version number 55abc39 and earlier contain security vulnerabilities, which stem from a stack buffer overflow in the GBNF syntax processor...