2177 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-7192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other...
CVE-2025-55730 XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can edit any page. The...
CVE-2025-55727 XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can...
XGrammar Security Vulnerability
XGrammar is a fast, flexible and portable structured generation tool from mlc-ai open source. A security vulnerability exists in xgrammar version 0.1.23, which stems from the syntax optimizer being inefficient when processing large grammars, and could lead to a denial of service attack...
XGrammar Security Vulnerability
XGrammar is a fast, flexible and portable structured generation tool from mlc-ai open source. A security vulnerability exists in XGrammar versions prior to 0.1.21, which stems from an infinite recursion problem in the syntax...
CVE-2025-55398
CVE-2025-55398 affects the mouse07410 asn1c fork (through 0.9.29). In UPER decoding, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits, potentially processing malformed input. Affected: decoders in this asn1c fork; impact is high (per CVSS...
PT-2025-34448 · Mouse07410 · Asn1C
Name of the Vulnerable Software and Affected Versions: mouse07410 asn1c versions through 0.9.29. Description: An issue was discovered in decoders generated by asn1c. When using UPER (Unaligned Packed Encoding Rules), the decoders fail to enforce constraints on INTEGER values if the positive bound...
Linux Distros Unpatched Vulnerability : CVE-2019-20444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax...
VerilogLAVD: LLM-Aided Rule Generation for Vulnerability Detection in Verilog
Timely detection of hardware vulnerabilities during the early design stage is critical for reducing remediation costs. Existing early detection techniques often require specialized security expertise, limiting their usability. Recent efforts have explored the use of large language models (LLMs) for...
CVE-2025-25007
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
Allocation of Resources Without Limits or Throttling
Overview: org.bouncycastle:bcprov-ext-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...
Linux Distros Unpatched Vulnerability : CVE-2023-4578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could...
BIT-LIBPHP-2024-1874 Command injection via array-ish $command parameter of proc_open()
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
Linux Distros Unpatched Vulnerability : CVE-2023-36674
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypa...
From Legacy to Standard: LLM-Assisted Transformation of Cybersecurity Playbooks into CACAO Format
Existing cybersecurity playbooks are often written in heterogeneous, non-machine-readable formats, which limits their automation and interoperability across Security Orchestration, Automation, and Response platforms. This paper explores the suitability of Large Language Models, combined with Prom...
CVE-2025-8217
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...