Lucene search
K

304 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:33 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Cross-site Scripting in golang.org/x/net/proxy [CVE-2025-22872]

Summary IBM Watson Speech Services Cartridge is vulnerable to Cross-site Scripting in golang.org/x/net/proxy, due to incorrect interpretation of tags in the tokenizer CVE-2025-22872. Golang is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

6.5CVSS6.6AI score0.0045EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/10/24 4:27 a.m.8 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the removelanguagecode method of the MarianTokenizer, which allows an attacker to exploit crafted input strings with malformed language code patterns ...

7.5CVSS7.2AI score0.00483EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-52566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer...

8.8CVSS5.8AI score0.00318EPSS
Exploits1References2
OSV
OSV
added 2025/10/11 1:20 p.m.4 views

OESA-2025-2372 llama.cpp security update

Security Fixes: llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size compariso...

8.8CVSS7.1AI score0.00318EPSS
Exploits1References2
OSV
OSV
added 2025/10/11 1:20 p.m.3 views

OESA-2025-2371 llama.cpp security update

Security Fixes: llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size compariso...

8.8CVSS7.1AI score0.00318EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2025/10/10 3:14 p.m.6 views

Security update for podofo

This update for podofo fixes the following issues: fixed a free-after-use in PdfTokenizer bsc1249105 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your produc...

7AI score
Exploits0References4
OSV
OSV
added 2025/10/10 3:14 p.m.3 views

SUSE-SU-2025:03533-1 Security update for podofo

This update for podofo fixes the following issues: - fixed a free-after-use in PdfTokenizer bsc1249105...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18491

Malware in sbrugna...

7.5CVSS7.5AI score0.09639EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29032

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00483EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25714

Malicious code in bioql PyPI...

5.5CVSS5.4AI score0.0019EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-19074

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00318EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6284

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.01949EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/10/01 12:0 a.m.9 views

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

0.0037EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/10/01 12:0 a.m.3 views

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

8.1CVSS6.5AI score0.0037EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.10 views

PT-2025-40287

Name of the Vulnerable Software and Affected Versions podofo versions 0.10.0 through 0.10.5 Description A heap-use-after-free issue exists in the PdfTokenizer::ReadDictionary function. This allows attackers to potentially cause a Denial of Service DoS by providing a specially crafted PDF file...

8.1CVSS6.6AI score0.0037EPSS
Exploits1References15
Debian CVE
Debian CVE
added 2025/10/01 12:0 a.m.6 views

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

8.1CVSS5.2AI score0.0037EPSS
Exploits1
Amazon
Amazon
added 2025/09/29 12:0 a.m.10 views

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.1AI score0.00724EPSS
Exploits0
Amazon
Amazon
added 2025/09/29 12:0 a.m.4 views

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7AI score0.00724EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 5:21 a.m.2 views

Malicious code in login-tokenizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afd2c92f86a125653632d04c1a4dbd53c5277d7362e0caaff90e0f65b7a92c5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/09/16 5:21 a.m.1 views

Malicious Package

Overview login-tokenizer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder