294 matches found
CVE-2026-41673
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...
XMLDOM 安全漏洞
XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...
WordPress TreePress – Easy Family Trees & Ancestor Profiles plugin <= 3.0.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin TreePress – Easy Family Trees & Ancestor Profiles versions = 3.0.6...
UBUNTU-CVE-2026-35365
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...
CVE-2026-35365
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...
CVE-2026-35365
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...
claude-code-pentest
claude-code-pentest 6 Claude Code skills that automate th...
CVE-2026-22364
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through =1.0.2...
ShellForge: Adversarial Co-Evolution of Webshell Generation and Multi-View Detection for Robust Webshell Defense
Webshells remain a primary foothold for attackers to compromise servers, particularly within PHP ecosystems. However, existing detection mechanisms often struggle to keep pace with rapid variant evolution and sophisticated obfuscation techniques that camouflage malicious intent. Furthermore, many...
Explainability Methods for Hardware Trojan Detection: A Systematic Comparison
Hardware trojan detection requires accurate identification and interpretable explanations for security engineers to validate and act on results. This work compares three explainability categories for gate-level trojan detection on the Trust-Hub benchmark: 1 domain-aware property-based analysis of...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000396)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000396 advisory. fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain...
Malicious Package
Overview vis-trees is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Evaluating Vulnerabilities of Connected Vehicles under Cyber Attacks by Attack-Defense Tree
Connected vehicles represent a key enabler of intelligent transportation systems, where vehicles are equipped with advanced communication, sensing, and computing technologies to interact not only with one another but also with surrounding infrastructures and the environment. Through continuous da...
A Unified Compositional View of Attack Tree Metrics
Attack trees ATs are popular graphical models for reasoning about the security of complex systems, allowing for the quantification of risk through so-called AT metrics. A large variety of different such AT metrics have been proposed, and despite their wide-spread practical use, no systematic...
The Jasmin Compiler Preserves Cryptographic Security
Jasmin is a programming and verification framework for developing efficient, formally verified, cryptographic implementations. A main component of the framework is the Jasmin compiler, which empowers programmers to write efficient implementations of state-of-the-art cryptographic primitives,...
Android Malware Detection: A Machine Learning Approach
This study examines machine learning techniques like Decision Trees, Support Vector Machines, Logistic Regression, Neural Networks, and ensemble methods to detect Android malware. The study evaluates these models on a dataset of Android applications and analyzes their accuracy, efficiency, and...
[SECURITY] Fedora 42 Update: vgrep-2.8.0-4.fc42
vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of...
[SECURITY] Fedora 41 Update: vgrep-2.8.0-4.fc41
vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of...
OESA-2025-2482 poppler security update
is a PDF rendering library. Security Fixes: Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in...
CVE-2023-53671
In the Linux kernel, the following vulnerability has been resolved: srcu: Delegate work to the boot cpu if using SRCUSIZESMALL Commit 994f706872e6 "srcu: Make Tree SRCU able to operate without snpnode array" assumes that cpu 0 is always online. However, there really are situations when some other...