130 matches found
EUVD-2022-42358
Malicious code in bioql PyPI...
EUVD-2022-2618
Malicious code in bioql PyPI...
DNN Vulnerable to Stored XSS Using Backend Admin Credentials
Summary Users that can edit modules could set a title that includes scripts. Description Some users administrators and content editors can set html in module titles and that could include javascript which could be used for XSS based attacks. With the addition of more roles being able to set modul...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Persona Bar module. An attacker can inject and execute arbitrary scripts by setting crafted HTML ...
CVE-2025-41031
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnovac/FotoUsuario/llamadaAjax/uploadImage’...
CVE-2025-41030
CVE-2025-41030 affects Deporsite by T-INNOVA. The root cause is lack of authorization, allowing an unauthenticated attacker to obtain information about other users via GET /ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona using the dni parameter. The CVSSv4 base score is 6.9 (ME...
PT-2025-35543
Name of the Vulnerable Software and Affected Versions: Deporsite by T-INNOVA affected versions not specified Description: The application lacks proper authorization, allowing an unauthenticated attacker to obtain information from other users. This is achieved by sending a GET request to the...
T-INNOVA Deporsite 安全漏洞
T-INNOVA Deporsite is an application from T-INNOVA, Inc. A security vulnerability exists in T-INNOVA Deporsite that stems from a lack of authorization and could lead to the modification of other users' avatars via POST requests and the IdPersona and Foto parameters...
Enhancing Jailbreak Attacks on LLMs Via Persona Prompts
Jailbreak attacks aim to exploit large language models LLMs by inducing them to generate harmful content, thereby revealing their vulnerabilities. Understanding and addressing these attacks is crucial for advancing the field of LLM safety. Previous jailbreak approaches have mainly focused on dire...
PHASE: Passive Human Activity Simulation Evaluation
Cybersecurity simulation environments, such as cyber ranges, honeypots, and sandboxes, require realistic human behavior to be effective, yet no quantitative method exists to assess the behavioral fidelity of synthetic user personas. This paper presents PHASE Passive Human Activity Simulation...
Denial Of Service (DoS)
github.com/kuadrant/authorino is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits on post-authorization callbacks, allowing an attacker with developer persona access to overload the service...
GHSA-R8XR-PGV5-GXW3 Authorino Uncontrolled Resource Consumption vulnerability
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...
CVE-2025-25209
CVE-2025-25209 affects Red Hat Connectivity Link. The issue arises in the AuthPolicy metadata, where an object storing secrets assumes they already exist in the kuadrant-system instead of copying them to the referred namespace, enabling a attacker with developer persona access to leak secrets via...
CVE-2025-25208
CVE-2025-25208 affects the Authorino project (github.com/kuadrant/authorino) and is described as an uncontrolled resource consumption denial of service through an authpolicy with sharedsecretref, per multiple connected entries (e.g., CVE list/circl). The core impact is that a malicious/developer ...
CVE-2025-25208 Rhcl: authorino denial of service through authpolicy with sharedsecretref severity
A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...
CVE-2025-25207
The CVE concerns Authorino in Red Hat Connectivity Link. A developer-persona attacker can flood the service with post‑authorization callbacks, and since policy enforcement is handled by a single Authorino instance, this leads to Denial of Service during post‑authorization callback processing. Doc...
CVE-2024-23295
A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona...
CVE-2024-40865
The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona...
CVE-2022-39913
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T13 allows local attacker to access user profiles information...
CVE-2020-2293
Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller...