12642 matches found
Amazon Linux 2 : runc (ALASDOCKER-2025-068)
The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...
Amazon Linux 2023 : runc (ALAS2023-2025-1041)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1041 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...
Robot Context Protocol (RCP): a Runtime-Agnostic Interface for Agent-Aware Robot Control
The Robot Context Protocol RCP is a lightweight, middleware-agnostic communication protocol designed to simplify the complexity of robotic systems and enable seamless interaction between robots, users, and autonomous agents. RCP provides a unified and semantically meaningful interface that...
Expert Insight-Based Modeling of Non-Kinetic Strategic Deterrence of Rare Earth Supply Disruption: a Simulation-Driven Systematic Framework
This study constructs a quantifiable modelling framework to simulate non-kinetic strategic deterrence pathways in rare earth supply disruption scenarios, based on structured responses from expert interviews led by Dr. Daniel O'Connor, CEO of the Rare Earth Exchange REE. Focusing on disruption...
Doppelgänger Method: Breaking Role Consistency in LLM Agent via Prompt-based Transferable Adversarial Attack
Since the advent of large language models, prompt engineering now enables the rapid, low-effort creation of diverse autonomous agents that are already in widespread use. Yet this convenience raises urgent concerns about the safety, robustness, and behavioral consistency of the underlying prompts,...
The vulnerability of the NOOP command in the PCMan FTP server allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the NOOP command in the PCMan FTP server is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...
The vulnerability in the ZendTo web application for transferring files involves an incorrect restriction on the path to the restricted directory. This allows a malicious actor to gain read and write access to data, or cause a service failure.
The vulnerability in the web application for transferring files via ZendTo is related to an incorrect restriction on the path to the restricted directory during the processing of the tmpname parameter. Exploiting this vulnerability can allow an attacker to gain read and modify access to data, or...
CVE-2025-4821
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...
DEBIAN-CVE-2022-50044
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1 Such event may be dropped by qcommhiqrtrdlcallback at check: if !qdev...
UBUNTU-CVE-2022-50044
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1 Such event may be dropped by qcommhiqrtrdlcallback at check: if !qdev...
UBUNTU-CVE-2022-50023
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is raised then the kernel will OOPS. Check the result of vchannextdesc in the handler axichanblockxfercomplete to avoid...
PT-2025-27955
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the handling of /proc/net/atm/lec. The issue arises from the lack of safety against dev lec changes, specifically due ...
libsoup: Out of bounds reads in soup_headers_parse_request()
A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...
Proposal for Improving Google A2A Protocol: Safeguarding Sensitive Data in Multi-Agent Systems
A2A, a protocol for AI agent communication, offers a robust foundation for secure AI agent communication. However, it has several critical issues in handling sensitive data, such as payment details, identification documents, and personal information. This paper reviews the existing protocol,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Added a NULL check in ufshcdmcqcomplpendingtransfer. Also added a NULL check for the returned hwq pointer by ufshcdmcqreqtohwq. This is similar to the fix in commit 74736103fb41 “scsi: ufs: core: Fix ufs abort ra...
CVE-2025-49197
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account...
Important: cni-plugins
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
SICK Field Analytics和SICK Media Server 安全漏洞
SICK Field Analytics and SICK Media Server are both products of the German company SICK.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from an FTP logi...
Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1012)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1012 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
Apache InLong Deserialization Vulnerability (CNVD-2025-12411)
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong versions 1.13.0 to 2.1.0 has a deserialization vulnerability , the vulnerability stems from the application in the...