784 matches found
EUVD-2025-25780
Malicious code in bioql PyPI...
EUVD-2023-1450
Malicious code in bioql PyPI...
EUVD-2024-1167
Malicious code in bioql PyPI...
EUVD-2025-28446
Malicious code in bioql PyPI...
EUVD-2025-20927
Malicious code in bioql PyPI...
SafeSearch: Automated Red-Teaming for the Safety of LLM-Based Search Agents
Search agents connect LLMs to the Internet, enabling access to broader and more up-to-date information. However, unreliable search results may also pose safety threats to end users, establishing a new threat surface. In this work, we conduct two in-the-wild experiments to demonstrate both the...
Details About Chinese Surveillance and Propaganda Companies
Details from leaked documents: While people often look at China’s Great Firewall as a single, all-powerful government system unique to China, the actual process of developing and maintaining it works the same way as surveillance technology in the West. Geedge collaborates with academic institutio...
gnutls: Vulnerability in GnuTLS SCT extension parsing
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency CT Signed Certificate Timestamp SCT extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...
gnutls: Vulnerability in GnuTLS SCT extension parsing
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency CT Signed Certificate Timestamp SCT extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...
CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance
CISA, in collaboration with NSA and 19 international partners, released joint guidance outliningA Shared Vision of Software Bill of Materials SBOM for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide. An SBOM is a form...
CISA: a Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity
CISA and the National Security Agency NSA in collaboration with 19 international cybersecurity organizations, have released joint guidance outlining a shared global vision of Software Bill of Materials SBOM. This milestone reflects a growing international consensus on the importance of software...
CVE-2025-8700
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2025-32988: Fixed double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName bsc1246232. CVE-2025-32989: Fixed heap buffer overread when handling the CT SCT extension during X.509 certificate...
Malicious code in key-transparency (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41577 Malicious code in key-transparency (npm)
--- -= Per source details. Do not edit below this line.=-...
TencentOS Server 4: gnutls (TSSA-2025:0540)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0540 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-8700
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
CVE-2025-53811
The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted...
CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...
CVE-2025-8597 Privilege Escalation via get-task-allow entitlement in MacVim.app
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...