463 matches found
AutoVulnPHP: LLM-Powered Two-Stage PHP Vulnerability Detection and Automated Localization
PHP's dominance in web development is undermined by security challenges: static analysis lacks semantic depth, causing high false positives; dynamic analysis is computationally expensive; and automated vulnerability localization suffers from coarse granularity and imprecise context. Additionally,...
CVE-2025-68398
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
CVE-2025-68398 Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
EUVD-2025-204337
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...
CVE-2023-53737
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...
CVE-2023-53737 Kentico Xperience <= 13.0.101 Localization Application Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...
CVE-2023-53737
CVE-2023-53737 describes a stored cross-site scripting vulnerability in Kentico Xperience, specifically via the Localization Application. The CVE entry (title: Kentico Xperience
PT-2025-52375
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.15.1. Description: Weblate is a web-based localization tool. Versions prior to 5.15.1 allowed remote overwriting of the Git configuration, potentially overriding its behavior. This could lead to remote code execution...
PT-2025-52311
Name of the Vulnerable Software and Affected Versions: Kentico Xperience, affected versions not specified. Description: A stored cross-site scripting issue exists in Kentico Xperience. Global administrators can inject malicious payloads through the Localization application. Successful exploitation...
CVE-2025-64725
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15 contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended...
PT-2025-51350
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.15. Description: Weblate, a web-based localization tool, had a broken authorization issue in its REST API that allowed for systematic user and project enumeration. Specifically, it was possible to retrieve user...
PT-2025-51315
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.15. Description: Weblate is a web-based localization tool. Versions prior to 5.15 allowed accepting an invitation opened by a different user. Recommendations: Update to version 5.15 or later. As a workaround, avoid...
COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers
This paper studies how multimodal large language models (MLLMs) undermine the security guarantees of visual CAPTCHAs. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...
Mageia: Security Advisory (MGASA-2025-0305)
The remote host is missing an update for the ... (description excerpted from a Greenbone AG check script; SPDX-FileCopyrightText: 2025 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders.)
VULPO: Context-Aware Vulnerability Detection Via On-Policy LLM Optimization
The widespread reliance on open-source software dramatically increases the risk of vulnerability exploitation, underscoring the need for effective and scalable vulnerability detection (VD). Existing VD techniques, whether traditional machine learning-based or LLM-based approaches like prompt...
CVE-2025-64326
Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...
Weblate security vulnerability
Weblate is a Copyleft open source web-based free software continuous localization system. A security vulnerability exists in Weblate 5.14 and earlier versions, which stems from audit logs leaking project member IP addresses, potentially leading to information disclosure...