Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a null pointer dereferencing in the smfnsmfhandlecreatedatainhsm...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There are security vulnerabilities in Microsoft Edge. Attackers use these vulnerabilities to carry out phishing attacks...

OSK ATBroker Registry Security Scanner

This program is a defensive Windows security scanner designed to inspect registry locations related to On-Screen Keyboard osk.exe and Accessibility/ATBroker configuration, which are sometimes abused in privilege escalation or persistence attacks...

Guaranteed Jailbreaking Defense Via Disrupt-And-Rectify Smoothing

This paper proposes a guaranteed defense method for large language models LLMs to safeguard against jailbreaking attacks. Drawing inspiration from the denoised-smoothing approach in the adversarial defense domain, we propose a novel smoothing-based defense method, termed Disrupt-and-Rectify...

Janus: Compiler-Based Defense against Transient Execution Attacks Using ARM Hardware Primitives

We present Janus, a compiler-based security framework that mitigates transient execution attacks like Spectre and control-flow hijacking on ARM64 platforms. Janus integrates speculative execution and control flow dependencies with PA modifiers, using PA and BTI microarchitectural features to...

Re-Triggering Safeguards within LLMs for Jailbreak Detection

This paper proposes a jailbreaking prompt detection method for large language models LLMs to defend against jailbreak attacks. Although recent LLMs are equipped with built-in safeguards, it remains possible to craft jailbreaking prompts that bypass them. We argue that such jailbreaking prompts ar...

LITMUS: Benchmarking Behavioral Jailbreaks of LLM Agents in Real OS Environments

The rapid proliferation of LLM-based autonomous agents in real operating system environments introduces a new category of safety risk beyond content safety: behavior jailbreak, where an adversary induces an agent to execute dangerous OS-level operations with irreversible consequences. Existing...

EUVD-2021-34781

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

cybersec-hw2

cybersec-hw2 Homework 2 for Introduction to Computer Securi...

Canias ERP 安全漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability. This vulnerability stems from an improper authorization in the function...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the SMF component file/src/smf/n4-build.c called...

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the delete Endpoint component called...

CodeAstro Online Catering Ordering System 注入漏洞

The CodeAstro Online Catering Ordering System is an online catering ordering system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Online Catering Ordering System has a SQL injection vulnerability. This vulnerability stems from the handling of parameter IDs in the...

EFM ipTIME A8004T 缓冲区错误漏洞

The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T contains a buffer error vulnerability. This vulnerability stems from an stack buffer overflow issue in the formWifiBasicSet function within the file/goform/WifiBasicSe...

Canias ERP 授权问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the parameter clientVersion in the Login...

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

PT-2026-39523

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

Canias ERP 安全漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability. This vulnerability stems from observed differences in the response of the...

AgentShield: Deception-Based Compromise Detection for Tool-Using LLM Agents

Defenses against indirect prompt injection IPI in tool-using LLM agents share two structural weaknesses. First, they all attempt to prevent attacks rather than detect the compromises that slip through. Second, they have only been evaluated in English, leaving users of low-resource languages such ...