Lucene search

3642 matches found

CNNVD
added 2025/05/07 12:0 a.m. · 2 views

WordPress plugin Cool Author Box Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3 · AI score 6 · EPSS 0.0014
Exploits 0 · References 1
Positive Technologies
added 2025/05/07 12:0 a.m. · 2 views

PT-2025-20083 · Unknown · Hossni Mubarak Cool Author Box

Name of the Vulnerable Software and Affected Versions: Hossni Mubarak Cool Author Box versions prior to 3.0.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. Recommendations: For versions prior to 3.0.0, update to version 3.0...

CVSS 4.3 · AI score 5.6 · EPSS 0.0014
Exploits 0 · References 3
BDU FSTEC
added 2025/05/05 12:0 a.m. · 3 views

The vulnerability of the gf_hevc_read_sps_bs_internal function in the MP4Box module of the GPAC multimedia platform allows a hacker to execute arbitrary code.

The vulnerability of the gf_hevc_read_sps_bs_internal function in the MP4Box module of the GPAC multimedia platform is related to integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.1 · AI score 7.7 · EPSS 0.00285
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2025/05/02 12:15 p.m. · 3 views

CVE-2025-2488

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS). This issue affects SambaBox: before 5.1...

CVSS 6.1 · AI score 5.4 · EPSS 0.00245
Exploits 0 · References 4
OSV
added 2025/05/02 12:15 p.m. · 4 views

CVE-2025-2488

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting (XSS). This issue affects SambaBox: before 5.1...

CVSS 6.1 · AI score 5.8 · EPSS 0.00245
Exploits 0 · References 2
Packet Storm News
added 2025/05/01 12:0 a.m. · 3 views

OET: Optimization-Based Prompt Injection Evaluation Toolkit

Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language understanding and generation, enabling their widespread adoption across various domains. However, their susceptibility to prompt injection attacks poses significant security risks, as adversarial inputs can...

AI score 7.6
Exploits 0
Packet Storm News
added 2025/04/30 12:0 a.m. · 5 views

Unlocking User-Oriented Pages: Intention-Driven Black-Box Scanner for Real-World Web Applications

Black-box scanners have played a significant role in detecting vulnerabilities for web applications. A key focus in current black-box scanning is increasing test coverage (i.e., accessing more web pages). However, since many web applications are user-oriented, some deep pages can only be accessed...

AI score 7.1
Exploits 0
BDU FSTEC
added 2025/04/30 12:0 a.m. · 4 views

The vulnerability of the ctts_box_write function in the isomedia/box_code_base.c file of the MP4Box packaging tool of the GPAC multimedia platform allows a hacker to cause a service failure.

The vulnerability of the ctts_box_write function in the isomedia/box_code_base.c file of the MP4Box packaging tool for the GPAC multimedia platform is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 · AI score 5.5
Exploits 0 · References 1 · Affected Software 1
The Hacker News
added 2025/04/29 1:7 p.m. · 42 views

SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an...

AI score 7.4
Exploits 0
Packet Storm News
added 2025/04/28 12:0 a.m. · 10 views

AGATE: Stealthy Black-Box Watermarking for Multimodal Model Copyright Protection

Recent advancement in large-scale Artificial Intelligence (AI) models offering multimodal services have become foundational in AI systems, making them prime targets for model theft. Existing methods select Out-of-Distribution (OoD) data as backdoor watermarks and retrain the original model for...

AI score 6.9
Exploits 0
Packet Storm News
added 2025/04/26 12:0 a.m. · 3 views

Graph of Attacks: Improved Black-Box and Interpretable Jailbreaks for LLMs

The challenge of ensuring Large Language Models (LLMs) align with societal standards is of increasing interest, as these models are still prone to adversarial jailbreaks that bypass their safety mechanisms. Identifying these vulnerabilities is crucial for enhancing the robustness of LLMs against su...

AI score 7.6
Exploits 0
Packet Storm News
added 2025/04/22 12:0 a.m. · 0 views

Quantifying Source Speaker Leakage in One-To-One Voice Conversion

Using a multi-accented corpus of parallel utterances for use with commercial speech devices, we present a case study to show that it is possible to quantify a degree of confidence about a source speaker's identity in the case of one-to-one voice conversion. Following voice conversion using a...

AI score 6.7
Exploits 0
SUSE CVE
added 2025/04/20 11:24 p.m. · 5 views

SUSE CVE-2017-9333

OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger...

CVSS 8.8 · AI score 8.1 · EPSS 0.02275
Exploits 0 · References 3
Packet Storm News
added 2025/04/20 12:0 a.m. · 5 views

BadApex: Backdoor Attack Based on Adaptive Optimization Mechanism of Black-Box Large Language Models

Previous insertion-based and paraphrase-based backdoors have achieved great success in attack efficacy, but they ignore the text quality and semantic consistency between poisoned and clean texts. Although recent studies introduce LLMs to generate poisoned texts and improve the stealthiness,...

AI score 6.9
Exploits 0
Packet Storm News
added 2025/04/18 12:0 a.m. · 1 views

Q-FAKER: Query-Free Hard Black-Box Attack Via Controlled Generation

Many adversarial attack approaches are proposed to verify the vulnerability of language models. However, they require numerous queries and the information on the target model. Even black-box attack methods also require the target model's output information. They are not applicable in real-world...

AI score 6.7
Exploits 0
Packet Storm News
added 2025/04/16 12:0 a.m. · 3 views

Bypassing Prompt Injection and Jailbreak Detection in LLM Guardrails

Large Language Models (LLMs) guardrail systems are designed to protect against prompt injection and jailbreak attacks. However, they remain vulnerable to evasion techniques. We demonstrate two approaches for bypassing LLM prompt injection and jailbreak detection systems via traditional character...

AI score 7.4
Exploits 0
Packet Storm News
added 2025/04/15 12:0 a.m. · 3 views

Token-Level Constraint Boundary Search for Jailbreaking Text-To-Image Models

Recent advancements in Text-to-Image (T2I) generation have significantly enhanced the realism and creativity of generated images. However, such powerful generative capabilities pose risks related to the production of inappropriate or harmful content. Existing defense mechanisms, including prompt...

AI score 7
Exploits 0
RedhatCVE
added 2025/04/02 3:42 p.m. · 4 views

CVE-2024-54767

An access control issue in the component /juisboxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report focuses on an unintended configuration wit...

CVSS 7.5 · AI score 6.7 · EPSS 0.01772
Exploits 0 · References 1
Snyk
added 2025/04/02 3:4 p.m. · 3 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the findBox function. An attacker can cause the application to hang indefinitely by supplying a malicious image. PoC js // mkdir 2.0.1 // cd 2.0.1/ // npm i [email protected] const imageSizeFromFile =...

CVSS 8.7 · AI score 6.8
Exploits 0 · References 2
OSV
added 2025/04/02 3:4 p.m. · 2 views

GHSA-M5QC-5HW7-8VG7 image-size Denial of Service via Infinite Loop during Image Processing

Summary image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infinite loop in findBox when processing certain images with a box with size 0. Details If the first bytes of the input does not match any bytes in...

CVSS 8.7 · AI score 5.9 · EPSS 0.0053
Exploits 1 · References 7