440 matches found
JavaDeserH2HC
This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...
Sensitive Information Disclosure
io.projectreactor.netty:reactor-netty-http is vulnerable to Sensitive Information Disclosure. The vulnerability is due to credential leakage caused by the HTTP client leaking credentials during chained redirects when explicitly configured to follow redirects...
Reactor Netty HTTP is vulnerable to credential leaks during chained redirects
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
GHSA-4Q2V-9P7V-3V22 Reactor Netty HTTP is vulnerable to credential leaks during chained redirects
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
CVE-2025-22227
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
CVE-2025-22227
CVE-2025-22227 is described in the initial document as a vulnerability where, in specific scenarios with chained redirects, the Reactor Netty HTTP client leaks credentials if the HTTP client is explicitly configured to follow redirects. The connected IBM bulletins list CVE-2025-22227 among a larg...
CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
Reactor Netty 安全漏洞
Reactor Netty is a non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC client and server based on the Netty framework. A security vulnerability exists in Reactor Netty that stems from the Reactor Netty HTTP client disclosing credentials in certain specific scenarios of chained redirection...
PT-2025-29713
Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP client affected versions not specified Description In specific scenarios involving chained redirects, the Reactor Netty HTTP client is susceptible to credential leakage. This issue occurs when the HTTP client is explicitly...
Bridging AI and Software Security: a Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms
Large Language Model LLM agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol MCP deployme...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from queuing only chained jobs when the HCI work queue is empty...
TimeWak: Temporal Chained-Hashing Watermark for Time Series Data
Synthetic time series generated by diffusion models enable sharing privacy-sensitive datasets, such as patients' functional MRI records. Key criteria for synthetic data include high data utility and traceability to verify the data source. Recent watermarking methods embed in homogeneous latent...
CVE-2025-24701
Server-Side Request Forgery SSRF vulnerability in Bob Chained Quiz chained-quiz allows Server Side Request Forgery.This issue affects Chained Quiz: from n/a through = 1.3.2.9...
CVE-2024-37921
Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8...
CVE-2024-37446
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kiboko Labs Chained Quiz allows Stored XSS.This issue affects Chained Quiz: from n/a through 1.3.2.8...
CVE-2023-25027
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kiboko Labs Chained Quiz plugin = 1.3.2.5 versions...
CVE-2022-4212
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2022-4216
The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebookappid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...
CVE-2022-4210
The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquizlist' page in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2022-4218
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...