Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI
As AI-enabled cyber capabilities become more advanced, we propose "differential access" as a strategy to tilt the cybersecurity balance toward defense by shaping access to these capabilities. We introduce three possible approaches that form a continuum, becoming progressively more restrictive for...
WordPress plugin Gearside Developer Dashboard security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-23254 · WordPress · Gearside Developer Dashboard
Name of the Vulnerable Software and Affected Versions: Gearside Developer Dashboard WordPress plugin versions 1.0.72 and earlier Description: The issue arises from the plugin not sanitizing and escaping a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2025-5326
A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deserialization. The attack may be launched remotel...
CVE-2025-5325
A vulnerability has been found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of...
CVE-2025-5326 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken deserialization
A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deserialization. The attack may be launched remotel...
WordPress Minimal Share Buttons plugin <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via align Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Minimal Share Buttons versions <= 1.7.3...
MINI-QF3F-9GPG-5MG7
Bulletin has no description...
Zhilink ADP Application Developer Platform security vulnerability
Zhilink ADP Application Developer Platform is an application development platform from Zhilink, which provides one-stop development tools and environment to support rapid building and deployment of enterprise-level applications. A security vulnerability exists in Zhilink ADP Application Developer...
WordPress Smash Balloon Instagram Feed plugin <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via data-plugin Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Instagram Feed versions <= 6.9.0...
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive...
CVE-2025-5271
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox 139 and Thunderbird 139...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 139, which stems from an omission of the CSP header when previewing responses in Devtools, which could lead to a content injection...
CVE-2024-21133
Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware component: Servlet. Supported versions that are affected are 12.2.1.4.0 and 12.2.1.19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports...
CVE-2024-5257
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admincomplianceframework custom role may have been able to modify the URL for a group namespace...
CVE-2024-28034
Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider discontinuing use of Mini Thread Version 3.33βi...
CVE-2024-5067
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles...
CVE-2024-26018
Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider discontinuing use of TvRock 0.9t8a...