MultiFuzz: a Dense Retrieval-Based Multi-Agent System for Network Protocol Fuzzing

Traditional protocol fuzzing techniques, such as those employed by AFL-based systems, often lack effectiveness due to a limited semantic understanding of complex protocol grammars and rigid seed mutation strategies. Recent works, such as ChatAFL, have integrated Large Language Models LLMs to guid...

PT-2025-33845 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog versions 2.8.0 and earlier Description: The application checks the userRole for "admin" privileges only when accessing the /admin page, but not its subroutes. Specifically, the check is performed in routes/adminPanel.py, but not in...

CVE-2025-7649

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Linux Distros Unpatched Vulnerability : CVE-2024-24685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based...

CVE-2025-49056

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS.This issue affects 多说社会化评论框: from n/a through = 1.2...

CVE-2025-7649

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-7649

CVE-2025-7649 affects the WordPress plugin Surbma | Recent Comments Shortcode. The vulnerability is a Stored Cross‑Site Scripting (XSS) via the plugin's recent-comments shortcode in all versions up to and including 2.0. An attacker with at least a contributor‑level account can inject arbitrary sc...

CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin Surbma | Recent Comments Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Surbma | Recent Comments Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Surbma | Recent Comments Shortcode versions = 2.0...

CVE-2025-49056 WordPress 多说社会化评论框 Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS.This issue affects 多说社会化评论框: from n/a through = 1.2...

FreeBSD : PostgreSQL -- vulnerabilities (fc048b51-7909-11f0-90a2-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fc048b51-7909-11f0-90a2-6cc21735f730 advisory. PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent...

PostgreSQL -- vulnerabilities

PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent pgdump scripts from being used to attack the user running the restore. Convert newlines to spaces in names included in comments in pgdump output...

WordPress 多说社会化评论框 Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin 多说社会化评论框 versions = 1.2...

[SECURITY] Fedora 42 Update: reposurgeon-5.3-1.fc42

Reposurgeon enables risky operations that version-control systems don't want to let you do, such as editing past comments and metadata and removing commits. It works with any version control system that can export and import git fast-import streams, including git, hg, fossil, bzr, CVS and RCS. It...

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions prior to 17.0 through 18.0.5, versions prior to 18.1 through 18.1.3, and versions prior to 18.2 through 18.2.1, which stems from the...

CVE-2015-10133 Subscribe to Comments <= 2.1.2 - Local File Includion

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the...

WordPress plugin Subscribe to Comments security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2025-30125 · WordPress · Subscribe To Comments For Wordpress

Name of the Vulnerable Software and Affected Versions: Subscribe to Comments for WordPress versions prior to 2.1.3 Description: The Subscribe to Comments for WordPress is susceptible to a Local File Inclusion issue via the Path to header value. Authenticated attackers with administrative privileg...