AVM FRITZ!Box 7530 AX - Unauthorized Access

An access control issue in the component /juisboxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54767 info: name: AVM FRITZ!Box 7530 AX - Unauthorized Access author: DhiyaneshDK severity: high description: | An access...

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

UBUNTU-CVE-2025-55664

A heap buffer overflow in the m2tsdmxsendpacket function filters/dmxm2ts.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-45416

A NULL pointer dereference in the gf ac4 pres b 4 back channels present function /media tools/av parsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

CVE-2025-60485

A segmentation violation in the gfisomapplesettagex function /isomedia/isomwrite.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-45415

A NULL pointer dereference in the gf odf ac4 cfg dsi v1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026

Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002 Vulnerability Details CVEID:CVE-2026-41607 DESCRIPTION: Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which...

DEBIAN-CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

CVE-2026-45983

In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cachecheck wil...

PT-2026-44037

Name of the Vulnerable Software and Affected Versions GPAC MP4Box affected versions not specified Description A NULL pointer dereference occurs when parsing certain truncated MP4 files. An unknown or invalid stsd entry can lead to missing descriptor fields, such as codec, mime, or profile strings...

Evolving Skill-Structured Attack Memory Enhances LLM Jailbreaking

Jailbreak attacks on large language models LLMs aim to induce LLMs to produce content that they are expected to refuse. Automated black-box jailbreak generation is especially important for safety evaluation, where the attacker observes only model outputs and needs to automatically search for...

MonitorsFour-Write-UP

MonitorsFour-Write-UP Hack The Box MonitorsFour is an Easy-rat...

PT-2026-43380

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. T...

MRMMIA: Membership Inference Attacks on Memory in Chat Agents

Membership inference attacks MIAs test whether a target data record belongs to a system's private data, and have become a standard tool to measure privacy leakage in machine learning systems. Prior work has primarily focused on training corpora or retrieval databases. However, MIAs against agent...

CVE-2026-41071

A flaw was found in libheif, a library for decoding and encoding HEIF High Efficiency Image File Format and AVIF files. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF sequence file. When parsing the file, if the saiz sample auxiliary information box...

CVE-2026-9393

A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function EditBasicSSID5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The...

CVE-2023-54349

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...

programming-for-penetration-testing-buffer-overflow-exploit

Buffer Overflow Exploit in Ruby Overview This project was...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SampleAuxInfoReader constructor when parsing a specially crafted HEIF sequence file containing a saiz box that declares more samples than exist in the track's chunk table. An attacker can cause a heap buffer...

DEBIAN-CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...