CVE-2012-5006

Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file...

CVE-2010-1568

The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623...

CVE-2013-2835

Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834...

CVE-2009-4169

Cross-site scripting XSS vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

JULI: Jailbreak Large Language Models by Self-Introspection

Large Language Models LLMs are trained with safety alignment to prevent generating malicious content. Although some attacks have highlighted vulnerabilities in these safety-aligned LLMs, they typically have limitations, such as necessitating access to the model weights or the generation process...

The vulnerability of the SDK components of AirPlay and CarPlay Communication Plug-in, which allows a perpetrator to cause a service failure.

The vulnerability of the SDK components of AirPlay and CarPlay Communication Plug-in relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2025-30422

A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination...

CVE-2025-24132

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination...

CVE-2025-24132

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination...

CVE-2025-30422

A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination...

CVE-2025-30422

A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination...

CVE-2025-24132

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination...

CVE-2025-24132

CVE-2025-24132 affects Apple AirPlay SDKs (AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126) and the CarPlay plug‑in (R18.1). The issue is described as a memory handling vulnerability that can cause an application to terminate when exploited from the local network. Public connected documents ...

Apple多款产品 安全漏洞

Apple FairPlay and others are products of Apple Inc.Apple FairPlay is a core component used to provide media playback capabilities to devices.Apple AirPlay audio SDK is an officially licensed development kit that allows third-party hardware products to integrate the AirPlay audio streaming protoc...

Apple多款产品 安全漏洞

Apple FairPlay and others are products of Apple Inc.Apple FairPlay is a core component used to provide media playback capabilities to devices.Apple AirPlay audio SDK is an officially licensed development kit that allows third-party hardware products to integrate the AirPlay audio streaming protoc...

PT-2025-18328

Name of the Vulnerable Software and Affected Versions AirPlay audio SDK versions prior to 2.7.1 AirPlay video SDK versions prior to 3.6.0.126 CarPlay Communication Plug-in versions prior to R18.1 Description A buffer overflow issue was addressed by improving input validation. This could allow an...

DoomArena: a Framework for Testing AI Agents against Evolving Security Threats

We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: 1 It is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym for web agents and $τ$-bench for tool calling agents; 2 It is configurable and allows...

Nullsoft Scriptable Install System 安全漏洞

Nullsoft Scriptable Install System is a specialized open source system from the Nullsoft team for creating Windows installers. A security vulnerability exists in Nullsoft Scriptable Install System versions prior to 3.11, which stems from an improperly created temporary plug-in directory that coul...

CVE-2025-31008 WordPress YouTube Embed plugin <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.3.1...

PT-2025-18219

Name of the Vulnerable Software and Affected Versions AirPlay audio SDK versions 2.7.1 and later AirPlay video SDK versions 3.6.0.126 and later CarPlay Communication Plug-in version R18.1 and later Description This issue involves improved memory handling to address a flaw that could allow a local...