263 matches found
UBUNTU-CVE-2025-11233
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...
CVE-2025-11233 Rust standard library didn't detect all path separators on Cygwin
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...
CVE-2025-11233
CVE-2025-11233 affects Rust when using the tier 3 Cygwin target (x86_64-pc-cygwin) with Rust 1.87.0 up to 1.88.x. The standard library Path API failed to handle backslash-separated components on Cygwin, potentially enabling path traversal or unsafe filesystem operations. Rust 1.89.0 fixes the iss...
CVE-2025-59434
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
MAL-2025-41468 Malicious code in @twork-data-services/cashout-tier-settings-v2 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41467 Malicious code in @twork-data-services/cashout-tier-settings (npm)
--- -= Per source details. Do not edit below this line.=-...
Prescriptive Zero Trust- Assessing the Impact of Zero Trust on Cyber Attack Prevention
Increasingly sophisticated and varied cyber threats necessitate ever improving enterprise security postures. For many organizations today, those postures have a foundation in the Zero Trust Architecture. This strategy sees trust as something an enterprise must not give lightly or assume too...
Selective KV-Cache Sharing to Mitigate Timing Side-Channels in LLM Inference
Global KV-cache sharing has emerged as a key optimization for accelerating large language model LLM inference. However, it exposes a new class of timing side-channel attacks, enabling adversaries to infer sensitive user inputs via shared cache entries. Existing defenses, such as per-user isolatio...
Leveraging Large Language Models for SQL Behavior-Based Database Intrusion Detection
Database systems are extensively used to store critical data across various domains. However, the frequency of abnormal database access behaviors, such as database intrusion by internal and external attacks, continues to rise. Internal masqueraders often have greater organizational knowledge,...
CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...
CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...
CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...
CVE-2025-45156
Splashin iOS v2.0 is affected by a vulnerability where the application does not enforce server-side interval restrictions for location updates for free-tier users. The root cause is the lack of enforcement of update intervals on the server side, as described in PT-2025-30063. The impact is the po...
Toward an Intent-Based and Ontology-Driven Autonomic Security Response in Security Orchestration Automation and Response
Modern Security Orchestration, Automation, and Response SOAR platforms must rapidly adapt to continuously evolving cyber attacks. Intent-Based Networking has emerged as a promising paradigm for cyber attack mitigation through high-level declarative intents, which offer greater flexibility and...
TRIDENT -- a Three-Tier Privacy-Preserving Propaganda Detection Model in Mobile Networks Using Transformers, Adversarial Learning, and Differential Privacy
The proliferation of propaganda on mobile platforms raises critical concerns around detection accuracy and user privacy. To address this, we propose TRIDENT - a three-tier propaganda detection model implementing transformers, adversarial learning, and differential privacy which integrates syntact...
NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA
Arm Confidential Computing Architecture CCA currently isolates at the granularity of an entire Confidential Virtual Machine CVM, leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same...
CVE-2018-18862
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+Vie...
BlobTierInadequateForContentLength during Machine Catalog Update
The following error is seen while updating a MCS Machine Catalog after resizing the size of the Master VM disk. Exception: StudioErrorId : ProvisioningTaskError ErrorCategory : NotSpecified TaskState : FailedToCreateImagePreparationVm TaskStateInformation : Terminated ErrorId :...
CVE-2024-34398
An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers...
CVE-2024-34398
The CVE-2024-34398 entry concerns BMC Remedy Mid Tier 7.6.04 where the web application is vulnerable to stored HTML injection. The vulnerability is triggered by authenticated remote attackers and has a CVSS v3.1 base score of 4.2 (Medium). The underlying impact is limited to confidentiality and i...