304 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Cross-site Scripting in golang.org/x/net/proxy [CVE-2025-22872]
Summary IBM Watson Speech Services Cartridge is vulnerable to Cross-site Scripting in golang.org/x/net/proxy, due to incorrect interpretation of tags in the tokenizer CVE-2025-22872. Golang is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...
Regular Expression Denial Of Service (ReDoS)
transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the removelanguagecode method of the MarianTokenizer, which allows an attacker to exploit crafted input strings with malformed language code patterns ...
Linux Distros Unpatched Vulnerability : CVE-2025-52566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer...
OESA-2025-2372 llama.cpp security update
Security Fixes: llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size compariso...
OESA-2025-2371 llama.cpp security update
Security Fixes: llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size compariso...
Security update for podofo
This update for podofo fixes the following issues: fixed a free-after-use in PdfTokenizer bsc1249105 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your produc...
SUSE-SU-2025:03533-1 Security update for podofo
This update for podofo fixes the following issues: - fixed a free-after-use in PdfTokenizer bsc1249105...
EUVD-2020-18491
Malware in sbrugna...
EUVD-2025-29032
Malicious code in bioql PyPI...
EUVD-2025-25714
Malicious code in bioql PyPI...
EUVD-2025-19074
Malicious code in bioql PyPI...
EUVD-2022-6284
Malicious code in bioql PyPI...
CVE-2025-46205
A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...
CVE-2025-46205
A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...
PT-2025-40287
Name of the Vulnerable Software and Affected Versions podofo versions 0.10.0 through 0.10.5 Description A heap-use-after-free issue exists in the PdfTokenizer::ReadDictionary function. This allows attackers to potentially cause a Denial of Service DoS by providing a specially crafted PDF file...
CVE-2025-46205
A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...
Important: amazon-ssm-agent
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: amazon-ssm-agent
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Malicious code in login-tokenizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afd2c92f86a125653632d04c1a4dbd53c5277d7362e0caaff90e0f65b7a92c5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview login-tokenizer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...