EUVD-2023-45163

Malicious code in bioql PyPI...

EUVD-2022-27881

Malicious code in bioql PyPI...

CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

PT-2025-40468

Name of the Vulnerable Software and Affected Versions WP Photo Effects plugin for WordPress versions prior to 1.2.5 Description The WP Photo Effects plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wppe effect' shortcode. This is due to inadequate input sanitization...

WordPress plugin Woo superb slideshow transition gallery with random effect SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

WordPress Effect Maker plugin <= 1.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Effect Maker versions = 1.2.1...

Linux Distros Unpatched Vulnerability : CVE-2018-17463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Network Isolation Bypass

github.com/moby/moby is vulnerable to network isolation bypass. The vulnerability is due to Docker failing to re-create iptables rules isolating bridge networks after firewalld reload, which allows an attacker to access all ports of containers across different bridge networks on the same host,...

Optimal Debiased Inference on Privatized Data Via Indirect Estimation and Parametric Bootstrap

We design a debiased parametric bootstrap framework for statistical inference from differentially private data. Existing usage of the parametric bootstrap on privatized data ignored or avoided handling the effect of clamping, a technique employed by the majority of privacy mechanisms. Ignoring th...

OESA-2025-1771 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A heap-use-after-free i...

CVE-2025-5318

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in...

Animating zooming using CSS: transform order is important… sometimes

I was using Discord the other day. I tapped to zoom into an image, and it animated in an odd way that I'd seen before. Like this: Notice how it kinda 'swoops' into the wildcat's face, rather than zooming straight in? See how the right-hand side of the cat's head goes out-of-frame, and then back i...

SmartAttack: Air-Gap Attack Via Smartwatches

Air-gapped systems are considered highly secure against data leaks due to their physical isolation from external networks. Despite this protection, ultrasonic communication has been demonstrated as an effective method for exfiltrating data from such systems. While smartphones have been extensivel...

SafeGenes: Evaluating the Adversarial Robustness of Genomic Foundation Models

Genomic Foundation Models GFMs, such as Evolutionary Scale Modeling ESM, have demonstrated significant success in variant effect prediction. However, their adversarial robustness remains largely unexplored. To address this gap, we propose SafeGenes: a framework for Secure analysis of genomic...

PrivATE: Differentially Private Confidence Intervals for Average Treatment Effects

The average treatment effect ATE is widely used to evaluate the effectiveness of drugs and other medical interventions. In safety-critical applications like medicine, reliable inferences about the ATE typically require valid uncertainty quantification, such as through confidence intervals CIs...

CVE-2024-48140

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...

CVE-2024-48142

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...

CVE-2022-20548

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...

CVE-2019-6677

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule...