Lucene search
+L

263 matches found

OSV
OSV
added 2025/10/01 5:15 p.m.6 views

UBUNTU-CVE-2025-11233

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...

6.3CVSS5.8AI score0.00482EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/01 4:49 p.m.6 views

CVE-2025-11233 Rust standard library didn't detect all path separators on Cygwin

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...

6.3CVSS6.5AI score0.00482EPSS
Exploits0References2
CVE
CVE
added 2025/10/01 4:49 p.m.37 views

CVE-2025-11233

CVE-2025-11233 affects Rust when using the tier 3 Cygwin target (x86_64-pc-cygwin) with Rust 1.87.0 up to 1.88.x. The standard library Path API failed to handle backslash-separated components on Cygwin, potentially enabling path traversal or unsafe filesystem operations. Rust 1.89.0 fixes the iss...

6.3CVSS6.5AI score0.00482EPSS
Exploits0References2
NVD
NVD
added 2025/09/22 8:15 p.m.7 views

CVE-2025-59434

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...

9.6CVSS0.03146EPSS
Exploits0References1
OSV
OSV
added 2025/08/28 7:15 a.m.3 views

MAL-2025-41468 Malicious code in @twork-data-services/cashout-tier-settings-v2 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/08/28 7:15 a.m.2 views

MAL-2025-41467 Malicious code in @twork-data-services/cashout-tier-settings (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/18 12:0 a.m.5 views

Prescriptive Zero Trust- Assessing the Impact of Zero Trust on Cyber Attack Prevention

Increasingly sophisticated and varied cyber threats necessitate ever improving enterprise security postures. For many organizations today, those postures have a foundation in the Zero Trust Architecture. This strategy sees trust as something an enterprise must not give lightly or assume too...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

Selective KV-Cache Sharing to Mitigate Timing Side-Channels in LLM Inference

Global KV-cache sharing has emerged as a key optimization for accelerating large language model LLM inference. However, it exposes a new class of timing side-channel attacks, enabling adversaries to infer sensitive user inputs via shared cache entries. Existing defenses, such as per-user isolatio...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.6 views

Leveraging Large Language Models for SQL Behavior-Based Database Intrusion Detection

Database systems are extensively used to store critical data across various domains. However, the frequency of abnormal database access behaviors, such as database intrusion by internal and external attacks, continues to rise. Internal masqueraders often have greater organizational knowledge,...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/20 12:51 a.m.9 views

CVE-2025-45156

Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...

5.3CVSS6.2AI score0.00342EPSS
Exploits1References1
OSV
OSV
added 2025/07/18 5:15 p.m.3 views

CVE-2025-45156

Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...

5.3CVSS5.8AI score0.00342EPSS
Exploits1References2
NVD
NVD
added 2025/07/18 5:15 p.m.7 views

CVE-2025-45156

Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...

5.3CVSS0.00342EPSS
Exploits1References1
CVE
CVE
added 2025/07/18 12:0 a.m.21 views

CVE-2025-45156

Splashin iOS v2.0 is affected by a vulnerability where the application does not enforce server-side interval restrictions for location updates for free-tier users. The root cause is the lack of enforcement of update intervals on the server side, as described in PT-2025-30063. The impact is the po...

5.3CVSS6.9AI score0.00342EPSS
Exploits1References1Affected Software1
Packet Storm News
Packet Storm News
added 2025/07/17 12:0 a.m.5 views

Toward an Intent-Based and Ontology-Driven Autonomic Security Response in Security Orchestration Automation and Response

Modern Security Orchestration, Automation, and Response SOAR platforms must rapidly adapt to continuously evolving cyber attacks. Intent-Based Networking has emerged as a promising paradigm for cyber attack mitigation through high-level declarative intents, which offer greater flexibility and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.4 views

TRIDENT -- a Three-Tier Privacy-Preserving Propaganda Detection Model in Mobile Networks Using Transformers, Adversarial Learning, and Differential Privacy

The proliferation of propaganda on mobile platforms raises critical concerns around detection accuracy and user privacy. To address this, we propose TRIDENT - a three-tier propaganda detection model implementing transformers, adversarial learning, and differential privacy which integrates syntact...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/08 12:0 a.m.9 views

NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA

Arm Confidential Computing Architecture CCA currently isolates at the granularity of an entire Confidential Virtual Machine CVM, leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:47 a.m.6 views

CVE-2018-18862

BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+Vie...

8.8CVSS7AI score0.02886EPSS
Exploits2References1
Citrix
Citrix
added 2025/05/08 12:0 a.m.22 views

BlobTierInadequateForContentLength during Machine Catalog Update

The following error is seen while updating a MCS Machine Catalog after resizing the size of the Master VM disk. Exception: StudioErrorId : ProvisioningTaskError ErrorCategory : NotSpecified TaskState : FailedToCreateImagePreparationVm TaskStateInformation : Terminated ErrorId :...

7.1AI score
Exploits0
OSV
OSV
added 2025/03/12 5:15 p.m.4 views

CVE-2024-34398

An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers...

4.2CVSS5.8AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/03/12 12:0 a.m.44 views

CVE-2024-34398

The CVE-2024-34398 entry concerns BMC Remedy Mid Tier 7.6.04 where the web application is vulnerable to stored HTML injection. The vulnerability is triggered by authenticated remote attackers and has a CVSS v3.1 base score of 4.2 (Medium). The underlying impact is limited to confidentiality and i...

4.2CVSS7AI score0.00234EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder