38653 matches found

CVE
added 2026/04/05 8:45 p.m. | 6 views

CVE-2019-25674

CMSsite 1.0 is affected by an SQL injection vulnerability in the post parameter that can be exploited via GET requests to post.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially extracting sensitive data or performing time-based blind SQL injection...

CVSS 9.8 | AI score 6 | EPSS 0.00405
Exploits 1 | References 3 | Affected Software 1

Debian
added 2026/04/05 3:22 p.m. | 6 views

[SECURITY] [DSA 6197-1] dovecot security update

Debian Security Advisory DSA-6197-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 05, 2026 https://www.debian.org/security/faq -...

CVSS 8.2 | AI score 6 | EPSS 0.00456
Exploits 7

Packet Storm News
added 2026/04/05 12:0 a.m. | 4 views

CoopGuard: Stateful Cooperative Agents Safeguarding LLMs against Evolving Multi-Round Attacks

As Large Language Models (LLMs) are increasingly deployed in complex applications, their vulnerability to adversarial attacks raises urgent safety concerns, especially those evolving over multi-round interactions. Existing defenses are largely reactive and struggle to adapt as adversaries refine...

AI score 5.9
Exploits 0

Tenable Nessus
added 2026/04/05 12:0 a.m. | 9 views

Debian dsa-6197 : dovecot-auth-lua - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6197 advisory. Debian Security Advisory DSA-6197-1 [email protected] https://www.debian.org/securit...

CVSS 8.2 | AI score 6 | EPSS 0.00456
Exploits 7 | References 24

Positive Technologies
added 2026/04/05 12:0 a.m. | 7 views

PT-2026-30483

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

CVSS 8.8 | AI score 6 | EPSS 0.00405
Exploits 1 | References 4

Packet Storm News
added 2026/04/04 12:0 a.m. | 4 views

AttackEval: A Systematic Empirical Study of Prompt Injection Attack Effectiveness against Large Language Models

Prompt injection has emerged as a critical vulnerability in large language model (LLM) deployments, yet existing research is heavily weighted toward defenses. The attack side -- specifically, which injection strategies are most effective and why -- remains insufficiently studied. We address this gap...

AI score 5.9
Exploits 0

Packet Storm News
added 2026/04/04 12:0 a.m. | 2 views

Improving ML Attacks on LWE with Data Repetition and Stepwise Regression

The Learning with Errors (LWE) problem is a hard math problem in lattice-based cryptography. In the simplest case of binary secrets, it is the subset sum problem, with error. Effective ML attacks on LWE were demonstrated in the case of binary, ternary, and small secrets, succeeding on fairly sparse...

AI score 5.8
Exploits 0

Talos Blog
added 2026/04/02 10:0 a.m. | 7 views

Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders

Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape. The 2025 report paints a clear picture: Attackers are moving faster than ever, while using identity-related attacks as the primary battleground. To unpack the biggest takeaways and what they mean for...

AI score 5.9
Exploits 0

CNNVD
added 2026/04/02 12:0 a.m. | 11 views

stb buffer error vulnerability

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.26 contained a buffer error vulnerability. This vulnerability stems from the operation of the stbttbufget8 function in the TTF File Handler component’s stbtruetype.h library, which could lead to...

CVSS 8.8 | AI score 6 | EPSS 0.00506
Exploits 1 | References 4

CNNVD
added 2026/04/02 12:0 a.m. | 6 views

Cesanta Mongoose security vulnerability

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WebSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

CVSS 9.8 | AI score 7.3 | EPSS 0.00727
Exploits 1 | References 6

Packet Storm News
added 2026/04/02 12:0 a.m. | 1 views

Synthetic Trust Attacks: Modeling How Generative AI Manipulates Human Decisions in Social Engineering Fraud

Imagine receiving a video call from your CFO, surrounded by colleagues, asking you to urgently authorise a confidential transfer. You comply. Every person on that call was fake, and you just lost $25 million. This is not a hypothetical. It happened in Hong Kong in January 2024, and it is becoming...

AI score 5.9
Exploits 0

CNNVD
added 2026/04/02 12:0 a.m. | 6 views

Cesanta Mongoose security vulnerability

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WebSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

CVSS 8.1 | AI score 6.4 | EPSS 0.00716
Exploits 0 | References 6

CNNVD
added 2026/04/02 12:0 a.m. | 6 views

Vanna security vulnerability

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained security vulnerabilities. These vulnerabilities were caused by overly lax cross-domain policies implemented in the FastAPI/Flask Server component, which could lead to remote attacks...

CVSS 5.3 | AI score 5.9 | EPSS 0.00162
Exploits 0 | References 4

CNNVD
added 2026/04/02 12:0 a.m. | 6 views

stb buffer error vulnerability

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.22 contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds write operation in the startdecoder function found in the file stbvorbis.c, which could lead to remote...

CVSS 8.8 | AI score 6.7 | EPSS 0.00425
Exploits 1 | References 4

CNNVD
added 2026/04/02 12:0 a.m. | 7 views

Cesanta Mongoose security vulnerability

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WebSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

CVSS 8.1 | AI score 6.2 | EPSS 0.00622
Exploits 0 | References 6

CNNVD
added 2026/04/02 12:0 a.m. | 6 views

SourceCodester Best Courier Management System access control error vulnerability

SourceCodester Best Courier Management System is an open-source courier management system developed by SourceCodester. Version 1.0 of the SourceCodester Best Courier Management System contains a vulnerability related to access control. This vulnerability stems from improper access control in the...

CVSS 6.9 | AI score 6.6 | EPSS 0.00314
Exploits 0 | References 4

CNNVD
added 2026/04/02 12:0 a.m. | 6 views

Vanna access control error vulnerability

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained an access control vulnerability. This vulnerability stemmed from the absence of authentication in the Chat API Endpoint component, which could lead to remote attacks...

CVSS 7.5 | AI score 7.2 | EPSS 0.00414
Exploits 0 | References 4

CNNVD
added 2026/04/02 12:0 a.m. | 7 views

A11y MCP Server code issue vulnerability

A11y MCP Server is a web accessibility testing tool developed by Priyankar Kumar as an individual project. Versions of A11y MCP Server 1.0.5 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery vulnerability in the A11yServer function locat...

CVSS 5.3 | AI score 6.1 | EPSS 0.0013
Exploits 0 | References 6

OSV
added 2026/04/01 3:14 p.m. | 4 views

JLSEC-2026-20

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

CVSS 7.5 | AI score 5.9 | EPSS 0.01076
Exploits 1 | References 6

Cvelist
added 2026/04/01 1:11 p.m. | 23 views

CVE-2026-0522 Local File Inclusion in the File Upload/Download Process

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

CVSS 8.7 | EPSS 0.00608
Exploits 1 | References 2