3642 matches found
Unlearning Inversion Attacks for Graph Neural Networks
Graph unlearning methods aim to efficiently remove the impact of sensitive data from trained GNNs without full retraining, assuming that deleted information cannot be recovered. In this work, we challenge this assumption by introducing the graph unlearning inversion attack: given only black-box...
AdInject: Real-World Black-Box Attacks on Web Agents Via Advertising Delivery
Vision-Language Model (VLM) based Web Agents represent a significant step towards automating complex tasks by simulating human-like interaction with websites. However, their deployment in uncontrolled web environments introduces significant security vulnerabilities. Existing research on adversarial...
CVE-2025-5133
A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
CPA-RAG: Covert Poisoning Attacks on Retrieval-Augmented Generation in Large Language Models
Retrieval-Augmented Generation (RAG) enhances large language models (LLMs) by incorporating external knowledge, but its openness introduces vulnerabilities that can be exploited by poisoning attacks. Existing poisoning methods for RAG systems have limitations, such as poor generalization and lack of...
CVE-2025-5133
CVE-2025-5133 concerns Tmall Demo up to 20250505, affecting the Search Box component. The vulnerability is a cross-site scripting (XSS) issue caused by a misbehavior of an unknown function in the Search Box, enabling remote exploitation. The exploit has been publicly disclosed; no affected versio...
CVE-2025-5133 Tmall Demo Search Box cross site scripting
A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
Tmall_demo Code Injection Vulnerability
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A code injection vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from a misbehavior of the component Search Box resulting in cross-site scripting...
PT-2025-22848 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall Demo up to 20250505 Description: A vulnerability has been found in the Search Box component of Tmall Demo, allowing for cross-site scripting through remote attack. The manipulation of an unknown function leads to this issue. The vendor...
CVE-2025-24711
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box popup-box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4...
CVE-2025-24715
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5...
CVE-2024-49236
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box crazy-call-to-action-box allows DOM-Based XSS. This issue affects Crazy Call To Action Box: from n/a through 1.0.5...
CVE-2024-1204
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts...
CVE-2024-30553
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joby Joseph WP Twitter Mega Fan Box Widget allows Stored XSS. This issue affects WP Twitter Mega Fan Box Widget: from n/a through 1.0...
CVE-2024-24865
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS. This issue affects Scroll Triggered Box: from n/a through 2.3...
CVE-2024-3897
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspbcreateauthor AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all...
CVE-2024-3675
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on use...
CVE-2024-3074
The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image box widget in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
CVE-2024-29644
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box...