LDAP Tool Box Self Service Password Authorization Issue Vulnerability
LDAP Tool Box Self Service Password is an open source PHP application for LDAP Tool Box that allows users to change passwords in the LDAP directory. An authorization issue vulnerability exists in LDAP Tool Box Self Service Password version 1.5.2, which stems from an improperly generated password...
PT-2025-52528
Name of the Vulnerable Software and Affected Versions LDAP Tool Box Self Service Password version 1.5.2 Description The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that...
CVE-2025-64677
Improper neutralization of input during web page generation 'cross-site scripting' in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability
...
EUVD-2025-204412
Improper neutralization of input during web page generation 'cross-site scripting' in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-64677
CVE-2025-64677 affects Microsoft Office Out-of-Box Experience. Multiple sources describe an improper neutralization of input during web page generation, enabling cross-site scripting that can lead to network spoofing. The affected component is “Office Out-of-Box Experience” and the root cause is ...
Microsoft Office Out-of-Box Experience Cross-Site Scripting Vulnerability
Microsoft Office Out-of-Box Experience is a user experience process software from Microsoft Corporation USA. A cross-site scripting vulnerability exists in Microsoft Office Out-of-Box Experience that stems from improper input neutralization and could lead to a network spoofing attack...
KLA90826 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, spoof user interface, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Office...
New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware
Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe...
WuppieFuzz: Coverage-Guided, Stateful REST API Fuzzing
Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk resulting from exposed endpoints, thorough testing is...
Behavior-Aware and Generalizable Defense against Black-Box Adversarial Attacks for ML-Based IDS
Machine learning based intrusion detection systems are increasingly targeted by black box adversarial attacks, where attackers craft evasive inputs using indirect feedback such as binary outputs or behavioral signals like response time and resource usage. While several defenses have been proposed...
One Leak Away: How Pretrained Model Exposure Amplifies Jailbreak Risks in Finetuned LLMs
Finetuning pretrained large language models LLMs has become the standard paradigm for developing downstream applications. However, its security implications remain unclear, particularly regarding whether finetuned LLMs inherit jailbreak vulnerabilities from their pretrained sources. We investigat...
EUVD-2025-201607
A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public...
ThinkTrap: Denial-Of-Service Attacks against Black-Box LLM Services Via Infinite Thinking
Large Language Models LLMs have become foundational components in a wide range of applications, including natural language understanding and generation, embodied intelligence, and scientific discovery. As their computational requirements continue to grow, these models are increasingly deployed as...
PT-2025-49392
New HTB video up - Editor machine Chained CVE-2024-24893 for the foothold and CVE-2024-32019 to get root. https://t.co/z1zRLuMttt commands: https://t.co/zZEPDE8xg0 HackTheBox OSCP pentesting editor https://t.co/opAGaJ4Evv...
Adversarial Limits of Quantum Certification: When Eve Defeats Detection
Security of quantum key distribution QKD relies on certifying that observed correlations arise from genuine quantum entanglement rather than eavesdropper manipulation. Theoretical security proofs assume idealized conditions, practical certification must contend with adaptive adversaries who...
Physical ID-Transfer Attacks against Multi-Object Tracking Via Adversarial Trajectory
Multi-Object Tracking MOT is a critical task in computer vision, with applications ranging from surveillance systems to autonomous driving. However, threats to MOT algorithms have yet been widely studied. In particular, incorrect association between the tracked objects and their assigned IDs can...
Malicious code in @pergel/module-box (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0481d4c0ca9178f58c5a7a14ae396a916f1ff2f36d5066f2565bf521d75cdb5 The package @pergel/module-box was found to contain malicious code. Source: google-open-source-security...