Time-Domain Voice Identity Morphing (TD-VIM): A Signal-Level Approach to Morphing Attacks on Speaker Verification Systems

In biometric systems, it is a common practice to associate each sample or template with a specific individual. Nevertheless, recent studies have demonstrated the feasibility of generating "morphed" biometric samples capable of matching multiple identities. These morph attacks have been recognized...

PT-2026-30985

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The AVideo platform, an open source video platform, has an issue in the PayPal IPN v1 handler located at 'plugin/PayPalYPT/ipn.php'. This handler does not properly deduplicate transactions, which coul...

WWBN AVideo 数据伪造问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a data manipulation vulnerability. This vulnerability stemmed from a lack of transaction deduplication in the PayPal IPN v1 handler, which could allow attackers to...

Emissary 命令注入漏洞

Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a command injection vulnerability. This vulnerability stemmed from shell injection points in the GitHub Actions workflow files. User-controlled...

IBM Concert 安全漏洞

IBM Concert is a new tool developed by the American international business company IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions of IBM Concert from 1.0.0 to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the creatio...

Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...

SigCorr 0.1.0

SigCorr detects cross-protocol attack chains spanning SS7/MAP, Diameter S6a, and GTPv2-C interfaces in mobile core networks. It performs unified subscriber identity correlation across protocol boundaries to detect multi-stage attacks that single-interface monitors miss. It is written in Java 17 a...

PT-2026-30685

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...

CVE-2019-25674

CMSsite 1.0 contains an SQL injection vulnerability exposed via the post parameter in post.php, allowing unauthenticated attackers to manipulate database queries and extract data or perform time-based blind SQLi. Exploitation details are supported by linked references (e.g., Exploit-DB). CVSS met...

[SECURITY] [DSA 6197-1] dovecot security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6197-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 05, 2026 https://www.debian.org/security/faq -...

CoopGuard: Stateful Cooperative Agents Safeguarding LLMs against Evolving Multi-Round Attacks

As Large Language Models LLMs are increasingly deployed in complex applications, their vulnerability to adversarial attacks raises urgent safety concerns, especially those evolving over multi-round interactions. Existing defenses are largely reactive and struggle to adapt as adversaries refine...

Debian dsa-6197 : dovecot-auth-lua - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6197 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6197-1 [email protected] https://www.debian.org/securit...

PT-2026-30483

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

AttackEval: A Systematic Empirical Study of Prompt Injection Attack Effectiveness against Large Language Models

Prompt injection has emerged as a critical vulnerability in large language model LLM deployments, yet existing research is heavily weighted toward defenses. The attack side -- specifically, which injection strategies are most effective and why -- remains insufficiently studied.We address this gap...

Improving ML Attacks on LWE with Data Repetition and Stepwise Regression

The Learning with Errors LWE problem is a hard math problem in lattice-based cryptography. In the simplest case of binary secrets, it is the subset sum problem, with error. Effective ML attacks on LWE were demonstrated in the case of binary, ternary, and small secrets, succeeding on fairly sparse...

Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders

Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape. The 2025 report paints a clear picture: Attackers are moving faster than ever, while using identity-related attacks as the primary battleground. To unpack the biggest takeaways and what they mean for...

Synthetic Trust Attacks: Modeling How Generative AI Manipulates Human Decisions in Social Engineering Fraud

Imagine receiving a video call from your CFO, surrounded by colleagues, asking you to urgently authorise a confidential transfer. You comply. Every person on that call was fake, and you just lost $25 million. This is not a hypothetical. It happened in Hong Kong in January 2024, and it is becoming...

Cesanta Mongoose 安全漏洞

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

SourceCodester Best Courier Management System 访问控制错误漏洞

SourceCodester Best Courier Management System is an open-source courier management system developed by SourceCodester. Version 1.0 of the SourceCodester Best Courier Management System contains a vulnerability related to access control. This vulnerability stems from improper access control in the...

stb 缓冲区错误漏洞

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.26 contained a buffer error vulnerability. This vulnerability stems from the operation of the stbttbufget8 function in the TTF File Handler component’s stbtruetype.h library, which could lead to...