25682 matches found
EUVD-2018-21951
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...
EUVD-2026-33934
A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...
CVE-2026-35717
A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...
PT-2026-45686
A vulnerability was detected in itsourcecode Fees Management System 1.0. Affected is an unknown function of the file /manage payment.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
Backdoor Unlearning Generalization: A Path toward the Removal of Unknown Triggers in LLMs
Backdoor attacks in Large Language Models LLMs are a growing security concern, where models can generate adversary-chosen content. Existing defenses target backdoors one at a time and typically require knowledge of the trigger, leaving the defender at a structural disadvantage when unknown...
PT-2026-46650
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in ANGLE Almost Native Graphics Layer Engine, an abstraction layer that allows OpenGL ES to run on various graphics APIs allows a remote attacker to obtain...
CVE-2026-35717
CVE-2026-35717 affects VIVOTEK FD8136 firmware FD8136-VVTK-0300a, specifically the export_language.cgi endpoint. The vulnerability is a stack-based buffer overflow where the handler passes the attacker-controlled Content-Length value directly to fread() as the read size into a fixed-size 0x60-byt...
Windows Scheduled Task Persistence Using S4U Authentication
This Python script defines a class called S4UPersistence that automates the creation of a Windows Scheduled Task to repeatedly execute an executable payload. It generates a Task Scheduler XML configuration and uses the S4U logon type, allowing the task to run without requiring an interactive...
PT-2026-46427
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A stack buffer overflow exists in the GPU component. This issue allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by usin...
PT-2026-45833
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description The SAML source response processor ResponseProcessor.parse fails to validate the Conditions element on assertions. Specifically, NotBefore, NotOnOrAfter, an...
PT-2026-46756
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in Extensions allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that...
PT-2026-46587
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in Blink allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...
PT-2026-46508
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out of bounds read occurs when a...
PT-2026-46723
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue in the XML component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted XML file. Type confusion occurs...
PT-2026-46696
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in XML allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the execution of arbitrary scripts ...
PT-2026-46674
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in WebML, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...
go-toolset:ol8 security update
delve golang 1.25.9-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var - Backported from OL9u7 - Resolves: OLDIS-53586...
PT-2026-46469
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A race condition in Codecs allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...
PT-2026-45735
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
From Untrusted Input to Trusted Memory: A Systematic Study of Memory Poisoning Attacks in LLM Agents
Memory is a core component of AI agents, enabling them to accumulate knowledge across interactions and improve performance. However, persistent memory introduces the risk of memory poisoning, where a single adversarial memory write can exert long-term influence over agent behavior. We present a...