A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-8845 (GCVE-0-2025-8845)
#nasm
License plate reader company Flock has stopped US agencies from accessing cameras in CA, IL, and VA after reports of lookups related to ICE and an abortion case (404 Media)
https://www.404media.co/flock-removes-state…
We had the pleasure of presenting at FIRST.org 2025, showcasing the Vulnerability-Lookup and GCVE.eu initiatives.
Slides are now available.
#cybersecurity #vulnerability #cve
on my blog!
p-fast trie: lexically ordered hash map
https://dotat.at/@/2025-08-04-p-fast-trie.html
trie lookups in O(log k) where k is the key length
asymptotically faster than the usual O(k) trie lookup, but at what cost in memory?
WeTok: Powerful Discrete Tokenization for High-Fidelity Visual Reconstruction
Shaobin Zhuang, Yiwei Guo, Canmiao Fu, Zhipeng Huang, Zeyue Tian, Ying Zhang, Chen Li, Yali Wang
https://arxiv.org/abs/2508.05599
Beyond CVEs: Mastering the Landscape with Vulnerability-Lookup is finally online.
The talk was given at @… conference.
#opensource #vulnerability
We are excited to announce the release of Vulnerability-Lookup 2.15.0!
This version brings new features, performance improvements, and several bug fixes.
Thanks to @… for the hard work.
#vulnerability
Who is right with this sudo vulnerability? The CVSS reported or the VLAI severity model?
#sudo #vulnerability #vulnerabilitymanagement
The Python-based data-exfiltration utility used by the Cl0p ransomware group (commonly distributed as part of the toolset during the 2023 – 2024 MoveIt campaigns) constructs operating-system commands by directly concatenating attacker-supplied strings without input sanitization. An authenticated endpoint on the Cl0p operators’ staging/collection host passes file- or directory-names received from compromised machines straight into a shell-escape sequence. No official patch or cooperation from …
Curious about the Chinese vulnerability database? It's now included on https://vulnerability-lookup.org!
Big thanks to @… for the aw…