3642 matches found

EUVD
added 2025/11/25 12:16 a.m., 1 views

EUVD-2025-199454

Malicious code in @pergel/module-box npm...

6.6 AI score
Exploits 0, References 3
OSV
added 2025/11/25 12:16 a.m., 2 views

MAL-2025-191285 Malicious code in @pergel/module-box (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0481d4c0ca9178f58c5a7a14ae396a916f1ff2f36d5066f2565bf521d75cdb5 The package @pergel/module-box was found to contain malicious code. Source: google-open-source-security...

6.8 AI score
Exploits 0, References 3
Krebs on Security
added 2025/11/24 6:44 p.m., 13 views

Is Your Android TV Streaming Box Part of a Botnet?

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts...

7 AI score
Exploits 0
CNVD
added 2025/11/24 12:0 a.m., 3 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29421)

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

6.5 CVSS, 6.1 AI score, 0.0018 EPSS
Exploits 1, References 1
Packet Storm News
added 2025/11/24 12:0 a.m., 5 views

FedPoisonTTP: A Threat Model and Poisoning Attack for Federated Test-Time Personalization

Test-time personalization in federated learning enables models at clients to adjust online to local domain shifts, enhancing robustness and personalization in deployment. Yet, existing federated learning work largely overlooks the security risks that arise when local adaptation occurs at test tim...

6.5 AI score
Exploits 0
Packet Storm News
added 2025/11/24 12:0 a.m., 3 views

Frequency Bias Matters: Diving into Robust and Generalized Deep Image Forgery Detection

As deep image forgery powered by AI generative models, such as GANs, continues to challenge today's digital world, detecting AI-generated forgeries has become a vital security topic. Generalizability and robustness are two critical concerns of a forgery detector, determining its reliability when...

7 AI score
Exploits 0
RedhatCVE
added 2025/11/22 10:31 p.m., 3 views

CVE-2025-64503

A flaw was found in cups-filters. This vulnerability allows an out-of-bounds write via a crafted Portable Document Format (PDF) file with a large MediaBox value...

4 CVSS, 6.2 AI score, 0.00182 EPSS
Exploits 1, References 9
EUVD
added 2025/11/20 9:30 p.m., 3 views

EUVD-2025-198334

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS, 6.2 AI score, 0.0018 EPSS
Exploits 1, References 2
OSV
added 2025/11/20 7:16 p.m., 5 views

CVE-2025-55126

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS, 5.8 AI score, 0.0018 EPSS
Exploits 1, References 1
NVD
added 2025/11/20 7:16 p.m., 4 views

CVE-2025-55126

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS, 0.0018 EPSS
Exploits 1, References 1
CVE
added 2025/11/20 7:7 p.m., 10 views

CVE-2025-55126

Revive Adserver is affected by a stored XSS in the navigation/advertiser pages where campaign names are stored and later rendered without escaping. The vulnerability is exploitable by a low-privilege authenticated user who can store HTML/JS in campaign names via the admin Inventory → Banners adve...

6.5 CVSS, 5.8 AI score, 0.0018 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2025/11/20 7:7 p.m., 11 views

CVE-2025-55126

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS, 0.0018 EPSS
Exploits 1, References 1
Packet Storm News
added 2025/11/20 12:0 a.m., 2 views

"To Survive, I Must Defect": Jailbreaking LLMs Via the Game-Theory Scenarios

As LLMs become more common, non-expert users can pose risks, prompting extensive research into jailbreak attacks. However, most existing black-box jailbreak attacks rely on hand-crafted heuristics or narrow search spaces, which limit scalability. Compared with prior attacks, we propose Game-Theor...

6.9 AI score
Exploits 0
Positive Technologies
added 2025/11/20 12:0 a.m., 3 views

PT-2025-47624

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5 CVSS, 6.2 AI score, 0.0018 EPSS
Exploits 1, References 2
CNNVD
added 2025/11/20 12:0 a.m., 2 views

Revive Adserver Security Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

6.5 CVSS, 6 AI score, 0.0018 EPSS
Exploits 1, References 1
OSV
added 2025/11/19 8:15 p.m., 3 views

CVE-2025-51663

A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or brute force share...

7.5 CVSS, 6.9 AI score
Exploits 0, References 2
Packet Storm News
added 2025/11/15 12:0 a.m., 3 views

GRAPHTEXTACK: A Realistic Black-Box Node Injection Attack on LLM-Enhanced GNNs

Text-attributed graphs (TAGs), which combine structural and textual node information, are ubiquitous across many domains. Recent work integrates Large Language Models (LLMs) with Graph Neural Networks (GNNs) to jointly model semantics and structure, resulting in more general and expressive models that...

6.9 AI score
Exploits 0
Tenable Nessus
added 2025/11/13 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-64503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In...

4 CVSS, 5.8 AI score, 0.00182 EPSS
Exploits 1, References 2
OSV
added 2025/11/12 10:15 p.m., 4 views

DEBIAN-CVE-2025-64503

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

3.3 CVSS, 5.2 AI score, 0.00182 EPSS
Exploits 1, References 1
OSV
added 2025/11/12 10:4 p.m., 3 views

CVE-2025-64503 [BIGSLEEP-434615384] cups-filters 1.x: out of bounds write in pdftoraster

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

4 CVSS, 7.2 AI score, 0.00182 EPSS
Exploits 1, References 8