
38658 matches found

CNVD
added 2025/12/10 12:00 a.m. | 90 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-30837)

Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.30 through 2.4.66 and earlier, which can be exploited by an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00402
Exploits: 0 | References: 1
EUVD
added 2025/12/09 9:31 p.m. | 4 views

EUVD-2021-34732

COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...

CVSS 9.3 | AI score 6.6 | EPSS 0.00339
Exploits: 0 | References: 5
NVD
added 2025/12/09 7:15 p.m. | 3 views

CVE-2025-9612

An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

CVSS 5.1 | EPSS 0.00127
Exploits: 0 | References: 3
CVE
added 2025/12/09 6:44 p.m. | 15 views

CVE-2025-9612

CVE-2025-9612 concerns the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification. The issue is that insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection, enabling local or physi...

CVSS 5.1 | AI score 6.1 | EPSS 0.00127
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/12/09 6:29 p.m. | 7 views

CVE-2025-55129

HackerOne community member Kassem S. (kassems94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyph-based impersonation has been independently reported by other HackerOne...

CVSS 5.4 | AI score 7 | EPSS 0.00215
Exploits: 1 | References: 1
GithubExploit
added 2025/12/09 1:59 p.m. | 142 views

SqlScanner

SqlScanner SQL Injection Scanner deve...

AI score 7.2
Exploits: 0
CISA
added 2025/12/09 12:00 p.m. | 7 views

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create...

AI score 7
Exploits: 0 | References: 3
CNNVD
added 2025/12/09 12:00 a.m. | 2 views

Microsoft SharePoint Cross-Site Scripting Vulnerability

Microsoft SharePoint is a set of enterprise business collaboration platforms from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site...

CVSS 9 | AI score 5.5 | EPSS 0.00992
Exploits: 0 | References: 1
CNNVD
added 2025/12/09 12:00 a.m. | 4 views

COMMAX CVD-Axx DVR Security Vulnerability

COMMAX CVD-Axx DVR is a series of digital video recorders from the Korean company COMMAX. A security vulnerability exists in COMMAX CVD-Axx DVR version 5.1.4, which stems from a weak default credentials issue that could lead to remote password attacks and RTSP stream leaks...

CVSS 9.3 | AI score 6.8 | EPSS 0.00339
Exploits: 0 | References: 5
CNNVD
added 2025/12/09 12:00 a.m. | 4 views

WBCE CMS Security Feature Issue Vulnerability

WBCE CMS is a PHP and MySQL based open source content management system (CMS) from WBCE CMS Open Source. A security feature issue vulnerability exists in WBCE CMS version 1.6.4 and earlier, which stems from an insecure password generation function that could lead to password prediction or brute for...

CVSS 9.8 | AI score 6.6 | EPSS 0.00444
Exploits: 1 | References: 4
Positive Technologies
added 2025/12/09 12:00 a.m. | 4 views

PT-2025-49686

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

AI score 6.8 | EPSS 0.00245
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/09 12:00 a.m. | 4 views

PT-2025-50237

Name of the Vulnerable Software and Affected Versions: COMMAX CVD-Axx DVR version 5.1.4. Description: The COMMAX CVD-Axx DVR contains weak default administrative credentials, enabling remote password attacks and disclosure of RTSP streams. An attacker can exploit this by sending a POST request to an...

CVSS 9.3 | AI score 6.7 | EPSS 0.00339
Exploits: 0 | References: 6
ICS
added 2025/12/09 12:00 a.m. | 5 views

Siemens Advanced Licensing (SALT) Toolkit

SUMMARY: Multiple Siemens products are affected by improper certificate validation in Siemens Advanced Licensing (SALT) Toolkit. This could allow an unauthenticated remote attacker to perform man-in-the-middle attacks. Siemens has released new versions for several affected products and recommends...

CVSS 9.2 | AI score 6.8 | EPSS 0.0023
Exploits: 0 | References: 10
Wiz blog
added 2025/12/08 5:18 p.m. | 9 views

React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182

We break down the exploit mechanics and detail active in-the-wild attacks observed by our team, from credential harvesting to sophisticated cloud backdoors...

CVSS 10 | AI score 6.9 | EPSS 0.99562
Exploits: 370
Packet Storm News
added 2025/12/08 12:00 a.m. | 7 views

A Practical Framework for Evaluating Medical AI Security: Reproducible Assessment of Jailbreaking and Privacy Vulnerabilities across Clinical Specialties

Medical Large Language Models (LLMs) are increasingly deployed for clinical decision support across diverse specialties, yet systematic evaluation of their robustness to adversarial misuse and privacy leakage remains inaccessible to most researchers. Existing security benchmarks require GPU cluster...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/12/07 12:00 a.m. | 2 views

A Comprehensive Study of Supervised Machine Learning Models for Zero-Day Attack Detection: Analyzing Performance on Imbalanced Data

Among the various types of cyberattacks, identifying zero-day attacks is problematic because they are unknown to security systems as their pattern and characteristics do not match known blacklisted attacks. There are many Machine Learning (ML) models designed to analyze and detect network attacks,...

AI score 6.7
Exploits: 0
Positive Technologies
added 2025/12/06 12:00 a.m. | 4 views

PT-2025-49343

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplp api update text' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via ...

CVSS 4.3 | AI score 5.4 | EPSS 0.00126
Exploits: 0 | References: 4
CNNVD
added 2025/12/05 12:00 a.m. | 3 views

JEPaaS Authorization Issue Vulnerability

JEPaaS is a rapid development platform from China's Kate Weiye JEPaaS. An authorization issue vulnerability exists in JEPaaS 7.2.8 and prior versions, which stems from improper authorization and could lead to remote attacks...

CVSS 6.5 | AI score 6.5 | EPSS 0.00201
Exploits: 0 | References: 4
Packet Storm News
added 2025/12/05 12:00 a.m. | 20 views

TeleAI-Safety: A Comprehensive LLM Jailbreaking Benchmark Towards Attacks, Defenses, and Evaluations

While the deployment of large language models (LLMs) in high-value industries continues to expand, the systematic assessment of their safety against jailbreak and prompt-based attacks remains insufficient. Existing safety evaluation benchmarks and frameworks are often limited by an imbalanced...

AI score 7.5
Exploits: 0
CNNVD
added 2025/12/05 12:00 a.m. | 3 views

youlai-mall Security Vulnerability

youlai-mall is an open source full-stack mall system by youlaitech. A security vulnerability exists in youlai-mall versions 1.0.0 and 2.0.0, which stems from improper control of dynamic variables and may lead to remote attacks...

CVSS 8.8 | AI score 6.6 | EPSS 0.00337
Exploits: 1 | References: 5