
3642 matches found

EUVD
added 2025/11/12 10:4 p.m. | 3 views

EUVD-2025-150365

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

CVSS 4 | AI score 6.6 | EPSS 0.00182
Exploits 1 | References 5
Vulnrichment
added 2025/11/12 10:4 p.m. | 3 views

CVE-2025-64503 [BIGSLEEP-434615384] cups-filters 1.x: out of bounds write in pdftoraster

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

CVSS 4 | AI score 6.6 | EPSS 0.00182
Exploits 1 | References 5
CVE
added 2025/11/12 10:4 p.m. | 17 views

CVE-2025-64503

CVE-2025-64503 is a publicly reported issue affecting cups-filters (and libcupsfilters) where a crafted PDF with an oversized MediaBox width triggers an integer overflow in bytesPerLine calculation, leading to an out-of-bounds write in pdftoraster/writePixel8 and potential memory corruption. The ...

CVSS 4 | AI score 6.7 | EPSS 0.00182
Exploits 1 | References 6 | Affected Software 2
Debian CVE
added 2025/11/12 10:4 p.m. | 3 views

CVE-2025-64503

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

CVSS 4 | AI score 5.2 | EPSS 0.00182
Exploits 1
AlpineLinux
added 2025/11/12 10:4 p.m. | 3 views

CVE-2025-64503

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

CVSS 4 | AI score 7 | EPSS 0.00182
Exploits 1 | References 6
Positive Technologies
added 2025/11/12 12:0 a.m. | 3 views

PT-2025-46713

Name of the Vulnerable Software and Affected Versions: cups-filters versions prior to 1.28.18. Description: cups-filters includes backends, filters, and other software needed for the CUPS printing service. A flaw exists where a specially crafted PDF file with a large MediaBox value can cause an...

CVSS 5.5 | AI score 6.7 | EPSS 0.00412
Exploits 3 | References 35
OSV
added 2025/11/12 12:0 a.m. | 1 view

UBUNTU-CVE-2025-64503

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

CVSS 4 | AI score 6 | EPSS 0.00182
Exploits 1 | References 6
Packet Storm News
added 2025/11/10 12:0 a.m. | 14 views

JPRO: Automated Multimodal Jailbreaking Via Multi-Agent Collaboration Framework

The widespread application of large VLMs makes ensuring their secure deployment critical. While recent studies have demonstrated jailbreak attacks on VLMs, existing approaches are limited: they require either white-box access, restricting practicality, or rely on manually crafted patterns, leadin...

AI score 7
Exploits 0
Packet Storm News
added 2025/11/07 12:0 a.m. | 3 views

Quantifying the Risk of Transferred Black Box Attacks

Neural networks have become pervasive across various applications, including security-related products. However, their widespread adoption has heightened concerns regarding vulnerability to adversarial attacks. With emerging regulations and standards emphasizing security, organizations must...

AI score 6.9
Exploits 0
Packet Storm News
added 2025/11/06 12:0 a.m. | 3 views

Black-Box Guardrail Reverse-Engineering Attack

Large language models (LLMs) increasingly employ guardrails to enforce ethical, legal, and application-specific constraints on their outputs. While effective at mitigating harmful responses, these guardrails introduce a new class of vulnerabilities by exposing observable decision patterns. In this...

AI score 7.3
Exploits 0
RedhatCVE
added 2025/11/05 5:8 a.m. | 4 views

CVE-2025-12400

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | AI score 5.3 | EPSS 0.00124
Exploits 0 | References 1
CVE
added 2025/11/04 4:27 a.m. | 20 views

CVE-2025-12400

CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...

CVSS 6.1 | AI score 5 | EPSS 0.00124
Exploits 0 | References 4
Vulnrichment
added 2025/11/04 4:27 a.m. | 3 views

CVE-2025-12400 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | AI score 4.9 | EPSS 0.00124
Exploits 0 | References 4
Cvelist
added 2025/11/04 4:27 a.m. | 6 views

CVE-2025-12400 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | EPSS 0.00124
Exploits 0 | References 4
CNNVD
added 2025/11/04 12:0 a.m. | 4 views

WordPress plugin LMB Box Smileys cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site reques...

CVSS 6.1 | AI score 6.3 | EPSS 0.00124
Exploits 0 | References 4
RedhatCVE
added 2025/10/30 4:7 a.m. | 11 views

CVE-2025-57931

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 5.5.4...

CVSS 5.3 | AI score 5.9 | EPSS 0.00114
Exploits 0 | References 1
EUVD
added 2025/10/29 9:44 p.m. | 2 views

EUVD-2025-36566

DNN CKEditor Provider allows unauthenticated upload out-of-the-box...

CVSS 4.3 | AI score 6.6 | EPSS 0.00189
Exploits 0 | References 3
Github Security Blog
added 2025/10/29 9:44 p.m. | 5 views

DNN CKEditor Provider allows unauthenticated upload out-of-the-box

Summary: The out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. Details: The new out-of-box experience blocks that endpoint to unauthenticated users. If there is a rea...

CVSS 4.3 | AI score 7.1 | EPSS 0.00189
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2025/10/29 4:2 a.m. | 2 views

EUVD-2025-36595

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4...

CVSS 5.3 | AI score 6.3 | EPSS 0.00114
Exploits 0 | References 2
CVE
added 2025/10/29 4:2 a.m. | 9 views

CVE-2025-57931

CVE-2025-57931: WordPress plugin Popup Box (Ays Pro Popup box) is affected by a Cross-Site Request Forgery (CSRF) vulnerability in versions up to 5.5.4. The connected documents indicate CSRF as the underlying issue; no exploitation details are provided. A fix is to upgrade to a version later tha...

CVSS 5.3 | AI score 5.9 | EPSS 0.00114
Exploits 0 | References 1