938 matches found
CVE-2025-50738
Summary: CVE-2025-50738 affects the Memos application (up to v0.24.3), where embedding markdown images with arbitrary URLs can trigger automatic image fetches when a memo is viewed, enabling potential information disclosure (IP address, User-Agent, and other request data) to an attacker-controlle...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
CVE-2025-6262 muse.ai video embedding <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via muse-ai Shortcode
The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
SUSE-SU-2025:02368-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.12 MFSA 2025-55, bsc1244670: - CVE-2025-6424: Use-after-free in FontFaceSet bmo1966423 - CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID bmo1717672 - CVE-2025-6426: No...
Hashed Watermark As a Filter: Defeating Forging and Overwriting Attacks in Weight-Based Neural Network Watermarking
As valuable digital assets, deep neural networks necessitate robust ownership protection, positioning neural network watermarking (NNW) as a promising solution. Among various NNW approaches, weight-based methods are favored for their simplicity and practicality; however, they remain vulnerable to...
Multi-Trigger Poisoning Amplifies Backdoor Vulnerabilities in LLMs
Recent studies have shown that Large Language Models (LLMs) are vulnerable to data poisoning attacks, where malicious training examples embed hidden behaviours triggered by specific input patterns. However, most existing works assume a phrase and focus on the attack's effectiveness, offering limite...
3S-Attack: Spatial, Spectral and Semantic Invisible Backdoor Attack against DNN Models
Backdoor attacks involve either poisoning the training data or directly modifying the model in order to implant a hidden behavior that causes the model to misclassify inputs when a specific trigger is present. During inference, the model maintains high accuracy on benign samples but misclassifie...
Security update for umoci
This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a regist...
Defending against Prompt Injection with a Few DefensiveTokens
When large language model (LLM) systems interact with external data to perform complex tasks, a new attack, namely prompt injection, becomes a significant threat. By injecting instructions into the data accessed by the system, the attacker is able to override the initial user task with an arbitrary...
Phantom Subgroup Poisoning: Stealth Attacks on Federated Recommender Systems
Federated recommender systems (FedRec) have emerged as a promising solution for delivering personalized recommendations while safeguarding user privacy. However, recent studies have demonstrated their vulnerability to poisoning attacks. Existing attacks typically target the entire user group, which...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...
firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to MozillaFirefox 128.12.0 MFSA 2025-23, bsc1244670: CVE-2025-6424: Use-after-free in FontFaceSet CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID CVE-2025-6426: No warning when opening...