PT-2026-6909

Name of the Vulnerable Software and Affected Versions PHPGurukul Beauty Parlour Management System version 1.1 Description A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the /admin/accepted-appointment.php file. Manipulation of...

PT-2026-6739

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

AlertBERT: A Noise-Robust Alert Grouping Framework for Simultaneous Cyber Attacks

Automated detection of cyber attacks is a critical capability to counteract the growing volume and sophistication of cyber attacks. However, the high numbers of security alerts issued by intrusion detection systems lead to alert fatigue among analysts working in security operations centres SOC,...

ShallowJail: Steering Jailbreaks against Large Language Models

Large Language ModelsLLMs have been successful in numerous fields. Alignment has usually been applied to prevent them from harmful purposes. However, aligned LLMs remain vulnerable to jailbreak attacks that deliberately mislead them into producing harmful outputs. Existing jailbreaks are either...

Trilium Notes 安全漏洞

Trilium Notes is a hierarchical note-taking application developed by Zadam, the individual developer of this project. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.101.0 contained security vulnerabilities. These vulnerabilities stemmed from critical...

Jamming Attacks on the Random Access Channel in 5G and B5G Networks

Random Access Channel RACH jamming poses a critical security threat to 5G and beyond B5G networks. This paper presents an analytical model for predicting the impact of Msg1 jamming attacks on RACH performance. We use the OpenAirInterface OAI open-source user equipment UE to implement a Msg1 jammi...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the models/boards.js file within the component’s REST endpoint, which had improper...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the Attachment Migration component, specifically the file...

Semi-Device-Independent Quantum Random Number Generator Resistant to General Attacks

Quantum random number generators QRNGs produce true random numbers based on the inherent randomness of quantum theory, rendering them a foundational segment of quantum cryptography. Distinguished from trusted-device QRNGs whose security depends on characterized devices, semi-device-independent...

WeKan 访问控制错误漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a security vulnerability related to access control. This vulnerability stemmed from an unknown function in the Attachment Storage component, specifically the file models/attachments.js, whi...

CVE-2023-38010 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

BentoML v1.3.9 - Open Redirect

An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradioapi/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-12760 inf...

IBM Cloud Pak System 安全漏洞

IBM Cloud Pak System is a fully configurable and pre-integrated software-based, full-stack, integrated infrastructure provided by IBM. This product supports deployment across hybrid cloud environments, as well as management and mobile application scenarios. There is a security vulnerability in IB...

GHSA-5CX4-W4FH-FR57 Moodle Affected by Improper Restriction of Excessive Authentication Attempts

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

UBUNTU-CVE-2025-67853

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

EUVD-2025-206748

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

EUVD-2025-206732

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...

Ziroom ZHOME A0101 安全漏洞

Ziroom ZHOME A0101 is a smart home hardware device developed by Ziroom Corporation. The version 1.0.1.0 of Ziroom ZHOME A0101 contains a security vulnerability. This vulnerability stems from the Dropbear SSH Service component using default credentials, which may lead to remote attacks...

PT-2026-5962

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle related to insufficient rate limiting within the confirmation email service. This allows attackers to more easily enumerate or guess user credentials, potentially...

CVE-2026-25060 OpenList Insecure TLS Default Configuration

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig function in internal/conf/config.go. This vulnerability enables...