CVE-2012-10045
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...
BDFirewall: Towards Effective and Expeditiously Black-Box Backdoor Defense in MLaaS
In this paper, we endeavor to address the challenges of countermeasures against backdoor attacks in black-box scenarios, thereby fortifying the security of inference under MLaaS. We first categorize backdoor triggers from a new perspective, i.e., their impact on the patched area, and divide them into:...
Medium: pam
Issue Overview: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain...
Proactive Disentangled Modeling of Trigger-Object Pairings for Backdoor Defense
Deep neural networks (DNNs) and generative AI (GenAI) are increasingly vulnerable to backdoor attacks, where adversaries embed triggers into inputs to cause models to misclassify or misinterpret target labels. Beyond traditional single-trigger scenarios, attackers may inject multiple triggers across...
MAL-2025-6773 Malicious code in trigger-dev-logger (npm)
The package communicates with a domain associated with malicious activity...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the queue_work() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the queue_work() function in the Linux operating system's kernel is related to the use of memory after it has been freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
FedBAP: Backdoor Defense Via Benign Adversarial Perturbation in Federated Learning
Federated Learning (FL) enables collaborative model training while preserving data privacy, but it is highly vulnerable to backdoor attacks. Most existing defense methods in FL have limited effectiveness due to their neglect of the model's over-reliance on backdoor triggers, particularly as the...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a timeline that is not released when a VMA allocation error occurs, which could result in a warning...
ImageMagick has XMP profile write that triggers hang due to unbounded loop
Summary: Infinite lines occur when writing during a specific XMP file conversion command. Details: #0 GetXmpNumeratorAndDenominator (denominator=, numerator=, value=) at MagickCore/profile.c:2578; #1 GetXmpNumeratorAndDenominator (denominator=, numerator=, value=720000000000000) at MagickCore/profile.c:256...
The vulnerability of the Native Image component in the Oracle GraalVM for JDK virtual machine allows a hacker to trigger a service failure.
The vulnerability of the Native Image component in the Oracle GraalVM for JDK lies in the insecure management of privileges. Exploiting this vulnerability allows a malicious actor to trigger a service failure using the HTTP protocol...
CVE-2025-53889
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...
PT-2025-37221
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to ACPI and APEI handling of synchronous memory errors. When abnormal synchronous errors occur (invalid PA, unexpected severity, no memory failu...
GHSA-7CVF-PXGP-42FC Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
Summary: Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Depending on what the Flow is set up to do, this can lead to the Flow executing potential tasks on the attacker's behalf without...
GHSA-F24X-RM6G-3W5V Directus tokens are not redacted in flow logs, exposing session credentials to all admin
Summary: When using Directus Flows with the WebHook trigger, all incoming request details are logged, including security-sensitive data like access and refresh tokens in cookies. Impact: Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them...
Mageia: Security Advisory (MGASA-2025-0208)
The remote host is missing an update for the ...