2640 matches found

RedHat Linux
added 2025/05/14 4:21 p.m. | 3 views

nginx: Memory disclosure in the ngx_http_mp4_module

A vulnerability was found in NGINX's module, ngx_http_mp4_module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngx_http_mp4_module...

CVSS 7.1 | AI score 7.3 | EPSS 0.00086
Exploits 2 | References 5

RedHat Linux
added 2025/05/13 4:3 p.m. | 0 views

xorg: xwayland: Use-after-free in SyncInitTrigger()

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...

CVSS 7.8 | AI score 5.7 | EPSS 0.00029
Exploits 0 | References 4

RedHat Linux
added 2025/05/13 8:28 a.m. | 1 view

kernel: coresight: cti: Fix hang in cti_disable_hw()

A context violation bug was found in the Linux kernel's CoreSight CTI (Cross Trigger Interface) driver in the hardware enable/disable functions. These functions are called from atomic context but attempt runtime PM operations that can sleep when communicating with firmware. This causes "sleeping...

CVSS 5.5 | AI score 7.2 | EPSS 0.00017
Exploits 0 | References 5

Packet Storm News
added 2025/05/13 12:0 a.m. | 2 views

Where the Devil Hides: Deepfake Detectors Can No Longer Be Trusted

With the advancement of AI generative techniques, Deepfake faces have become incredibly realistic and nearly indistinguishable to the human eye. To counter this, Deepfake detectors have been developed as reliable tools for assessing face authenticity. These detectors are typically developed on De...

AI score 7.2
Exploits 0

Akamai Blog
added 2025/05/11 10:20 a.m. | 6 views

WebAssembly Jobs and CronJobs in Kubernetes with SpinKube & the Spin Command Trigger

Learn how to run WebAssembly workloads as Kubernetes Jobs and CronJobs using SpinKube and the Spin command trigger...

AI score 5.8
Exploits 0

Packet Storm News
added 2025/05/11 12:0 a.m. | 3 views

One Trigger Token Is Enough: a Defense Strategy for Balancing Safety and Usability in Large Language Models

Large Language Models (LLMs) have been extensively used across diverse domains, including virtual assistants, automated code generation, and scientific research. However, they remain vulnerable to jailbreak attacks, which manipulate the models into generating harmful responses despite safety...

AI score 7.5
Exploits 0

SUSE CVE
added 2025/05/10 2:53 a.m. | 1 view

SUSE CVE-2025-37842

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...

CVSS 5.5 | AI score 7.6 | EPSS 0.0008
Exploits 0 | References 16

Github Security Blog
added 2025/05/09 6:30 p.m. | 22 views

Duplicate Advisory: ring has some AES functions that may panic when overflow checking is enabled in

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4p46-pwfr-66x6. This link is maintained to preserve external references. Original Description: A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC...

CVSS 5.3 | AI score 7.1 | EPSS 0.00263
Exploits 0 | References 9 | Affected Software 1

OSV
added 2025/05/09 4:15 p.m. | 8 views

CVE-2025-4432

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...

CVSS 5.3 | AI score 6.6 | EPSS 0.00263
Exploits 0 | References 7

OSV
added 2025/05/09 7:16 a.m. | 1 view

DEBIAN-CVE-2025-37875

In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00084
Exploits 0 | References 1

OSV
added 2025/05/09 7:16 a.m. | 1 view

AZL-70364 CVE-2025-37842 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...

CVSS 5.5 | AI score 5.6 | EPSS 0.0008
Exploits 0 | References 1

OSV
added 2025/05/09 7:16 a.m. | 1 view

DEBIAN-CVE-2025-37842

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...

CVSS 5.5 | AI score 5.3 | EPSS 0.0008
Exploits 0 | References 1

CVE
added 2025/05/09 6:44 a.m. | 126 views

CVE-2025-37875

CVE-2025-37875 concerns the Linux kernel igc/PTM logic. The issue arose from writing to clear the PTM status 'valid' bit while a PTM cycle was in progress, causing unreliable PTM operation. The fix disables PTM trigger most of the time and limits triggering to very brief windows (roughly 10–100 μs) ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00084
Exploits 0 | References 7 | Affected Software 1

Debian CVE
added 2025/05/09 6:44 a.m. | 9 views

CVE-2025-37875

In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00084
Exploits 0

OSV
added 2025/05/09 6:44 a.m. | 8 views

CVE-2025-37875 igc: fix PTM cycle trigger logic

In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The...

CVSS 5.5 | AI score 6 | EPSS 0.00084
Exploits 0 | References 10

SUSE CVE
added 2025/05/09 4:55 a.m. | 1 view

SUSE CVE-2022-49793

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() dev_set_name() allocates memory for name, it need be freed when device_add() fails, call put_device() to give up the reference that hold in device_initialize(), so that it can ...

CVSS 3.3 | AI score 6.5 | EPSS 0.00063
Exploits 0 | References 11

SUSE CVE
added 2025/05/06 3:7 a.m. | 1 view

SUSE CVE-2022-49794

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to...

CVSS 3.3 | AI score 6.3 | EPSS 0.00063
Exploits 0 | References 11

Packet Storm News
added 2025/05/06 12:0 a.m. | 3 views

BadLingual: a Novel Lingual-Backdoor Attack against Large Language Models

In this paper, we present a new form of backdoor attack against Large Language Models (LLMs): lingual-backdoor attacks. The key novelty of lingual-backdoor attacks is that the language itself serves as the trigger to hijack the infected LLMs to generate inflammatory speech. They enable the precise...

AI score 7
Exploits 0

Packet Storm News
added 2025/05/05 12:0 a.m. | 2 views

Towards Dataset Copyright Evasion Attack against Personalized Text-To-Image Diffusion Models

Text-to-image (T2I) diffusion models have rapidly advanced, enabling high-quality image generation conditioned on textual prompts. However, the growing trend of fine-tuning pre-trained models for personalization raises serious concerns about unauthorized dataset usage. To combat this, dataset...

AI score 7.2
Exploits 0

OSSF Malicious Packages
added 2025/05/02 3:16 a.m. | 3 views

Malicious code in socket-event-trigger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 84c96a1eba1263914947232b5710b1f74986be68b124fefcbd733643ddd31c47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1