Microsoft Azure HDInsight 跨站脚本漏洞

Microsoft Azure HDInsight is a hosted cluster platform provided by Microsoft Corporation, offering managed, full-spectrum, open-source cloud analysis services for businesses. Microsoft Azure HDInsight has a cross-site scripting vulnerability. Attackers utilize this vulnerability to carry out...

CVE-2025-66602

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 to R10.04 versions. These vulnerabilities stem from the Web server’s acceptance of IP address access;...

Reverse Online Guessing Attacks on PAKE Protocols

Though not yet widely deployed, password-authenticated key exchange PAKE protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure PKI, making the...

Shor's Harvest Now Decrypt Later

This plugin reports network services that may be vulnerable now to a future attack by adversaries using a cryptographically relevant quantum computer CRQC. Shor's is a theoretical algorithm that leverages the unique ability of quantum computation to do massively parallel calculations developed by...

PT-2026-6984

Name of the Vulnerable Software and Affected Versions Tenda RX3 version 16.03.13.11 Description A stack-based buffer overflow exists in the set qosMib list function located in the /goform/formSetQosBand file. Manipulation of arguments to this function can trigger the overflow, allowing for remote...

PT-2026-7006

Name of the Vulnerable Software and Affected Versions code-projects Contact Management System version 1.0 Description A security flaw exists in the Contact Management System. The issue involves improper authentication due to manipulation of the ID argument within the CRUD Endpoint component. This...

PT-2026-6909

Name of the Vulnerable Software and Affected Versions PHPGurukul Beauty Parlour Management System version 1.1 Description A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the /admin/accepted-appointment.php file. Manipulation of...

Aegis: Towards Governance, Integrity, and Security of AI Voice Agents

With the rapid advancement and adoption of Audio Large Language Models ALLMs, voice agents are now being deployed in high-stakes domains such as banking, customer service, and IT support. However, their vulnerabilities to adversarial misuse still remain unexplored. While prior work has examined...

ShallowJail: Steering Jailbreaks against Large Language Models

Large Language ModelsLLMs have been successful in numerous fields. Alignment has usually been applied to prevent them from harmful purposes. However, aligned LLMs remain vulnerable to jailbreak attacks that deliberately mislead them into producing harmful outputs. Existing jailbreaks are either...

PT-2026-6739

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

Trilium Notes 安全漏洞

Trilium Notes is a hierarchical note-taking application developed by Zadam, the individual developer of this project. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.101.0 contained security vulnerabilities. These vulnerabilities stemmed from critical...

AlertBERT: A Noise-Robust Alert Grouping Framework for Simultaneous Cyber Attacks

Automated detection of cyber attacks is a critical capability to counteract the growing volume and sophistication of cyber attacks. However, the high numbers of security alerts issued by intrusion detection systems lead to alert fatigue among analysts working in security operations centres SOC,...

Jamming Attacks on the Random Access Channel in 5G and B5G Networks

Random Access Channel RACH jamming poses a critical security threat to 5G and beyond B5G networks. This paper presents an analytical model for predicting the impact of Msg1 jamming attacks on RACH performance. We use the OpenAirInterface OAI open-source user equipment UE to implement a Msg1 jammi...

Semi-Device-Independent Quantum Random Number Generator Resistant to General Attacks

Quantum random number generators QRNGs produce true random numbers based on the inherent randomness of quantum theory, rendering them a foundational segment of quantum cryptography. Distinguished from trusted-device QRNGs whose security depends on characterized devices, semi-device-independent...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the Attachment Migration component, specifically the file...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the models/boards.js file within the component’s REST endpoint, which had improper...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the Attachment Storage component, specifically the file models/attachments.js, whi...

CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

BentoML v1.3.9 - Open Redirect

An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradioapi/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-12760 inf...