CVE-2025-23169
The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting (XSS)...
CVE-2025-23169
CVE-2025-23169 affects the Versa Director SD-WAN orchestration platform. The vulnerability stems from unvalidated or unsanitized input used for UI customization (header, footer, logo), enabling a malicious user to inject and store cross-site scripting (XSS) payloads. Exploitation status across so...
ARIANNA: an Automatic Design Flow for Fabric Customization and EFPGA Redaction
In the modern global Integrated Circuit (IC) supply chain, protecting intellectual property (IP) is a complex challenge, and balancing IP loss risk and added cost for theft countermeasures is hard to achieve. Using embedded configurable logic allows designers to completely hide the functionality of...
CVE-2024-54451
A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2022-40841
A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the "htmlNodes" parameter...
CVE-2022-40842
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php...
CVE-2022-22257
The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity...
CVE-2021-24215
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromi...
LLM Access Shield: Domain-Specific LLM Framework for Privacy Policy Compliance
Large language models (LLMs) are increasingly applied in fields such as finance, education, and governance due to their ability to generate human-like text and adapt to specialized tasks. However, their widespread adoption raises critical concerns about data privacy and security, including the risk...
PYSEC-2025-180
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the "manage customizations" capability can edit a webhook that will execute JavaScript code. This can be abused to cause a denial of service attack by prototype...
CVE-2025-26621 OpenCTI vulnerable to Denial of Service through web hook
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the "manage customizations" capability can edit a webhook that will execute JavaScript code. This can be abused to cause a denial of service attack by prototype...
RAR: Setting Knowledge Tripwires for Retrieval Augmented Rejection
Content moderation for large language models (LLMs) remains a significant challenge, requiring flexible and adaptable solutions that can quickly respond to emerging threats. This paper introduces Retrieval Augmented Rejection (RAR), a novel approach that leverages a retrieval-augmented generation (RAG)...
Exploit for CVE-2025-24203
dirtyZero A simple customization toolbox that utilizes CVE-...
fontawesome-fonts bug fix update
An update is available for fontawesome-fonts. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Font Awesome gives you scalable vector icons that can instantly be...
Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull of...
CVE-2025-26620 Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens
Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...
[SECURITY] Fedora 41 Update: nginx-mod-fancyindex-0.5.2-10.fc41
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
CVE-2024-54951
Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS...