HogVul: Black-Box Adversarial Code Generation Framework against LM-Based Vulnerability Detectors
Recent advances in software vulnerability detection have been driven by Language Model (LM)-based approaches. However, these models remain vulnerable to adversarial attacks that exploit lexical and syntax perturbations, allowing critical flaws to evade detection. Existing black-box attacks on...
CVE-1999-0592
The Logon box of a Windows NT system displays the name of the last user who logged in...
CVE-2024-2036
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aolmodalbox AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscribe...
Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM
The `SharedPointer::alloc` implementation for `sync::Arc` and `rc::Rc` in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM (Out of Memory). This null pointer can flow through to `SharedPointer::from_value`, which calls `Box::from_raw(ptr)` with the null...
Rectifying Adversarial Examples Using Their Vulnerabilities
Deep neural network-based classifiers are prone to errors when processing adversarial examples (AEs). AEs are minimally perturbed input data undetectable to humans, posing significant risks to security-dependent applications. Hence, extensive research has been undertaken to develop defense mechanism...
CVE-2025-69021
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 6.0.7...
ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +86 more potentially affected by CVE-2025-68131 via cbor2 (>=4.1.2 <=5.7.1)
cbor2 PYPI version =4.1.2, =0.1.0, =0.1.0, =0.13.0, =0.5.5.post5, =0.5.5.post4, =0.2.0, =0.10.6, =0.7.1a0, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2025-68131 Source advisory: OSV:PYSEC-2025-90...
Unity Linux 20.1070e Security Update: cups-filters (UTSA-2025-993320)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993320 advisory. cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters...
EUVD-2025-205723
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 6.0.7...
CVE-2025-69021 WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 6.0.7...
CVE-2025-69021
CVE-2025-14998 (Branda – White Label & Branding, Free Login Page Customizer) : Unauthenticated privilege escalation via account takeover. CVSS 9.8 (Critical). Affected software: Branda – White Label & Branding, Free Login Page Customizer (
WordPress plugin Popup box cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
Securing the AI Supply Chain: What Can We Learn from Developer-Reported Security Issues and Solutions of AI Projects?
The rapid growth of Artificial Intelligence AI models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known...
CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
PT-2025-53440
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.22.2. Description: Gitea versions before 1.22.2 contain a cross-site scripting (XSS) issue. The search input box, used when creating tags and branches, utilizes v-html instead of v-text, which allows for the execution of...
CVE-2025-64677
Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network...
CVE-2023-53958
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...
CVE-2023-53958 LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...