WordPress 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On versions = 2.0.1...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...

UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks

Emerging AR-LLM-based Social Engineering attack e.g., SEAR is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR Augmented Reality glass to capture the image and vocal information of the target, using the LLM to identify the targe...

XREAL Nebula App 安全漏洞

The XREAL Nebula App is an application designed for XREAL’s augmented reality devices. Versions of the XREAL Nebula App 3.2.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of parameters such as accessKey, secretAccessKey, and securityToken in...

CVE-2021-31882

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. The DHCP client application does not validate the length of the Domain Name Server IP options 0x06 when processing DHCP ACK packets. This may lead to...

EUVD-2025-179333

Malicious code in deneb-multiverse-augmentedreality-phoenix npm...

EUVD-2025-175601

Malicious code in webdriver-mocha-scripts-hadron-augmentedreality npm...

EUVD-2025-180245

Malicious code in augmentedreality-frontend-cz-conventional-changelog-neptunology npm...

EUVD-2025-179812

Malicious code in ceres-augmentedreality-iota-transport npm...

EUVD-2025-179016

Malicious code in europa-augmentedreality-redgiant-halley npm...

EUVD-2025-180065

Malicious code in biohacking-release-it-augmentedreality-janus npm...

MAL-2025-185643 Malicious code in augmentedreality-frontend-cz-conventional-changelog-neptunology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f8670d124ec65024366529e678d71c9c6e75aef3c338716d5991bb1f5d1af36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-180246

Malicious code in augmentedreality-fetch-gravity-hawkingradiation npm...

EUVD-2025-177924

Malicious code in mechatronics-augmentedreality-hapi-jupiter npm...

EUVD-2025-180241

Malicious code in augmentedreality-version-wavefunction-spawn npm...

EUVD-2025-177520

Malicious code in npm-global-sublimation-augmentedreality npm...

EUVD-2025-180243

Malicious code in augmentedreality-update-tethys-dynamo npm...

EUVD-2025-176929

Malicious code in publish-antimatter-augmentedreality-hawkingradiation npm...

EUVD-2025-179147

Malicious code in enceladus-oortcloud-augmentedreality-cosmicsilence npm...