CVE-2025-57931 WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box (ays-popup-box) allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4...
CVE-2025-57931 WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4...
WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by ch4r0n in WordPress Plugin Popup box versions <= 5.5.4...
WordPress plugin Popup box Cross-Site Request Forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
PT-2025-44231
Name of the Vulnerable Software and Affected Versions: Ays Pro Popup box versions through 5.5.4. Description: A Cross-Site Request Forgery (CSRF) issue exists in Ays Pro Popup box, potentially allowing attackers to perform actions on behalf of authenticated users. This occurs due to insufficient...
SIRAJ: Diverse and Efficient Red-Teaming for LLM Agents Via Distilled Structured Reasoning
The ability of LLM agents to plan and invoke tools exposes them to new safety risks, making a comprehensive red-teaming system crucial for discovering vulnerabilities and ensuring their safe deployment. We present SIRAJ: a generic red-teaming framework for arbitrary black-box LLM agents. We emplo...
CVE-2025-62802
CVE-2025-62802 affects the DNN (DotNetNuke) CKEditor Provider. Prior to version 10.1.1, the out-of-the-box HTML editing experience allows unauthenticated users to upload files, creating a potential vector for further security issues. The vulnerability is fixed in 10.1.1. Affected material indicat...
CVE-2025-62802 DNN CKEditor Provider allows unauthenticated upload out-of-the-box
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...
Gitbook
Personal Pentesting Knowledge Base 👋 Welcome! This reposit...
HP ThinPro security vulnerability
HP ThinPro is a Linux-based operating system from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP ThinPro version 8.1, which originates from an application GUI dialog box that allows unauthorized viewing of files in the file system without proper authorization...
QueryIPI: Query-Agnostic Indirect Prompt Injection on Coding Agents
Modern coding agents integrated into IDEs combine powerful tools and system-level actions, exposing a high-stakes attack surface. Existing Indirect Prompt Injection (IPI) studies focus mainly on query-specific behaviors, leading to unstable attacks with lower success rates. We identify a more sever...
Enhanced MLLM Black-Box Jailbreaking Attacks and Defenses
Multimodal large language models (MLLMs) comprise both visual and textual modalities to process vision-language tasks. However, MLLMs are vulnerable to security-related issues, such as jailbreak attacks that alter the model's input to induce unauthorized or harmful responses. The incorporation o...
Can You Trust What You See? Alpha Channel No-Box Attacks on Video Object Detection
As object detection models are increasingly deployed in cyber-physical systems such as autonomous vehicles (AVs) and surveillance platforms, ensuring their security against adversarial threats is essential. While prior work has explored adversarial attacks in the image domain, those attacks in the...
Separating Pseudorandom Generators from Logarithmic Pseudorandom States
Pseudorandom generators (PRGs) are a foundational primitive in classical cryptography, underpinning a wide range of constructions. In the quantum setting, pseudorandom quantum states (PRSs) were proposed as a potentially weaker assumption that might serve as a substitute for PRGs in cryptographic...
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for ...
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...
Multimodal Safety Is Asymmetric: Cross-Modal Exploits Unlock Black-Box MLLMs Jailbreaks
Multimodal large language models (MLLMs) have demonstrated significant utility across diverse real-world applications. But MLLMs remain vulnerable to jailbreaks, where adversarial inputs can collapse their safety constraints and trigger unethical responses. In this work, we investigate jailbreaks i...
box-bin (=0.3.1), box-format (>=0.3.0 <=0.3.3) +11 more potentially affected by unknown CVE via unic-normal (>=0.1.2 <=0.9.0)
unic-normal (CARGO) versions =0.1.2, =0.3.0, =0.2.4-beta, =0.1.0, =0.3.0, =0.3.0, =0.1.0, =0.3.0, =0.5.0, =0.7.0, =0.1.1, =0.9.0. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2025-0082...
CVE-2025-56320
The CVE-2025-56320 entry affects Cobblestone’s Enterprise Contract Management Portal v.22.4.0. It describes a Stored Cross-Site Scripting (XSS) vulnerability in the chat box component, enabling a remote attacker to execute arbitrary code. The available data does not provide technical details such...