#cve


I love the @github Security Advisory Database because they actually preserve the data from rejected advisories including the original information and the reason for rejection.

It’s clearly much more insightful than just having a bare ID marked as "rejected."

You can easily spot this in vulnerability-lookup: vulnerability.circl.lu/vuln/cv

Yet another great example of why having diverse sources for vulnerability data matters.

As of 15 July 2025, the TYPO3 Association is approved as a CVE Numbering Authority (CNA) by the CVE Program.

The TYPO3 Security Team can now assign CVE Identifiers for vulnerabilities in TYPO3 CMS and its ecosystem. This ensures TYPO3 security issues are disclosed in a coordinated and consistent way.

Learn more: t3.ms/cve-bm

Unbound 1.23.1 is now available. This security release fixes the Rebirthday Attack CVE-2025-5994.

The vulnerability re-opens up #DNS resolvers to a birthday paradox, for EDNS client subnet servers that respond with non-ECS answers. The #CVE is described here:
nlnetlabs.nl/downloads/unbound

We would like to thank Xiang Li (AOSP Lab, Nankai University) for discovering and responsibly disclosing the vulnerability.
github.com/NLnetLabs/unbound/r