Lucene search

8226 matches found

Packet Storm News
added 2025/05/19 12:00 a.m. · 5 views

RAR: Setting Knowledge Tripwires for Retrieval Augmented Rejection

Content moderation for large language models (LLMs) remains a significant challenge, requiring flexible and adaptable solutions that can quickly respond to emerging threats. This paper introduces Retrieval Augmented Rejection (RAR), a novel approach that leverages a retrieval-augmented generation (RAG)...

AI score: 7.1
Exploits: 0

CNVD
added 2025/05/19 12:00 a.m. · 3 views

SAP NetWeaver Visual Composer Metadata Uploader Deserialization Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader is a component in SAP NetWeaver for uploading metadata. A deserialization vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader that originates from deserializing malicious content, which can be exploited by an attacker to cause a...

CVSS: 9.1 · AI score: 9.4 · EPSS: 0.11222
Exploits: 3 · References: 1

BDU FSTEC
added 2025/05/16 12:00 a.m. · 3 views

A vulnerability in the AES-128-CBC encryption algorithm of the Tenda RX2 Pro router firmware allows an attacker to disclose protected information.

The vulnerability in the AES-128-CBC encryption algorithm of the Tenda RX2 Pro router firmware relates to the repeated use of the Initialization Vector (IV) during the generation of cryptographic keys. Exploiting this vulnerability could allow a malicious actor to disclose th...

CVSS: 6.5 · AI score: 5.5 · EPSS: 0.00266
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2025/05/15 8:16 p.m. · 2 views

CVE-2024-9238

The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00254
Exploits: 1 · References: 1

OSV
added 2025/05/15 8:15 p.m. · 3 views

CVE-2024-8245

The GamiPress WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00159
Exploits: 1 · References: 1

OSV
added 2025/05/15 8:15 p.m. · 1 view

CVE-2023-7086

The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00243
Exploits: 2 · References: 1

OSV
added 2025/05/15 8:15 p.m. · 2 views

CVE-2023-6541

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00319
Exploits: 2 · References: 1

CVE
added 2025/05/15 8:07 p.m. · 31 views

CVE-2024-8094

The CVE-2024-8094 entry identifies a CSRF flaw in the Ntz Antispam WordPress plugin (versions up to 2.0e) where the settings update flow lacks CSRF protection. Root cause: missing CSRF check when updating plugin settings. Impact: a CSRF attack could cause a logged-in admin to change settings. Pub...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00181
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2025/05/15 7:50 p.m. · 4 views

CVE-2025-47789 Horilla Open Redirect Vulnerability in Login

Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any...

CVSS: 6.1 · AI score: 6.8 · EPSS: 0.00191
Exploits: 0 · References: 4

CNNVD
added 2025/05/15 12:00 a.m. · 2 views

WordPress plugin AVIF Uploader Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00254
Exploits: 1 · References: 1

CNNVD
added 2025/05/15 12:00 a.m. · 2 views

WordPress plugin Allow SVG Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS: 6.1 · AI score: 8.1 · EPSS: 0.00319
Exploits: 2 · References: 1

Positive Technologies
added 2025/05/15 12:00 a.m. · 11 views

PT-2025-30842 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's RISC-V vector implementation related to context save and restore operations with xtheadvector. Previously, only registers v0-v7 were correctly saved...

CVSS: 4.6 · AI score: 6 · EPSS: 0.00137
Exploits: 0 · References: 15

OpenVAS
added 2025/05/14 12:00 a.m. · 17 views

Mageia: Security Advisory (MGASA-2025-0156)

The remote host is missing an update for the...

CVSS: 7.4 · AI score: 7.5 · EPSS: 0.00688
Exploits: 0 · References: 8

CVE
added 2025/05/14 12:00 a.m. · 38 views

CVE-2025-29689

CVE-2025-29689 describes an XSS in OA System prior to 2025.01.01. The vulnerability stems from improper input handling of the password parameter in the endpoint “/mail/MailController.java”, allowing execution of arbitrary web scripts/HTML. A fix is available: upgrade OA System to 2025.01.01 or la...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00228
Exploits: 1 · References: 1 · Affected Software: 1

Packet Storm News
added 2025/05/14 12:00 a.m. · 5 views

Optimizing DDoS Detection in SDNs through Machine Learning Models

The emergence of Software-Defined Networking (SDN) has changed the network structure by separating the control plane from the data plane. However, this innovation has also increased susceptibility to DDoS attacks. Existing detection techniques are often ineffective due to data imbalance and accurac...

AI score: 6.9
Exploits: 0

RedHat Linux
added 2025/05/13 8:36 a.m. · 2 views

grub2: commands/extcmd: Missing check for failed allocation

A flaw was found in grub2 where the grub_extcmd_dispatcher function calls grub_arg_list_alloc to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parse_option function, leading...

CVSS: 5.2 · AI score: 5.7 · EPSS: 0.00203
Exploits: 0 · References: 4

Vulnrichment
added 2025/05/13 12:13 a.m. · 4 views

CVE-2025-30011 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to send a malicious request to the application, which could disclose the internal version details of the affected...

CVSS: 5.3 · AI score: 5.3 · EPSS: 0.00316
Exploits: 0 · References: 2

OpenVAS
added 2025/05/13 12:00 a.m. · 6 views

Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2025-1509)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 8.1 · AI score: 7.5 · EPSS: 0.23357
Exploits: 0 · References: 4

OpenVAS
added 2025/05/13 12:00 a.m. · 12 views

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2025-1518)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.01373
Exploits: 1 · References: 2

OpenVAS
added 2025/05/13 12:00 a.m. · 11 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1526)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.0113
Exploits: 1 · References: 2