160 matches found
CVE-2025-62661 Do permission checking when getting counts of global and local edits, new articles and thanks
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension:...
CVE-2025-62661
The CVE-2025-62661 issue targets Wikimedia Foundation MediaWiki extensions (Thanks Extension and Growth Experiments Extension). The root cause is incorrect default permissions that allow access to functionality not properly constrained by ACLs. Affected products include the Thanks Extension and G...
EUVD-2025-35215
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension:...
MediaWiki - Thanks Extension and MediaWiki - Growth Experiments Extension Security Vulnerability
MediaWiki - Thanks Extension and MediaWiki - Growth Experiments Extension are both open source MediaWiki products. MediaWiki - Thanks Extension is a thanks extension. MediaWiki - Growth Experiments Extension is a web extension. A security vulnerability exists in MediaWiki - Thanks Extension and...
CVE-2025-62667
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS. This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...
Mediawiki - GrowthExperiments Extension Security Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A cross-site scripting vulnerability exists in Mediawiki - GrowthExperimen...
MLFlow server is exposed to data exfiltration and destruction due to lack of Origin validation
The MLFlow REST server is vulnerable to DNS rebinding attacks, allowing malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. Once rebinding is successful, the attacker can: Query for experiments via the 2.0/mlflow/experiments/search...
EUVD-2018-4343
Malware in sbrugna...
EUVD-2025-2840
Malicious code in bioql PyPI...
EUVD-2023-53911
Malicious code in bioql PyPI...
EUVD-2025-2839
Malicious code in bioql PyPI...
EUVD-2025-10825
Malicious code in bioql PyPI...
Bridging Technical Capability and User Accessibility: Off-Grid Civilian Emergency Communication
During large-scale crises disrupting cellular and Internet infrastructure, civilians lack reliable methods for communication, aid coordination, and access to trustworthy information. This paper presents a unified emergency communication system integrating a low-power, long-range network with a...
CVE-2025-10975 GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulati...
Seeing Is Deceiving: Mirror-Based LiDAR Spoofing for Autonomous Vehicle Deception
Autonomous vehicles (AVs) rely heavily on LiDAR sensors for accurate 3D perception. We show a novel class of low-cost, passive LiDAR spoofing attacks that exploit mirror-like surfaces to inject or remove objects from an AV's perception. Using planar mirrors to redirect LiDAR beams, these attacks...
ConCap: Practical Network Traffic Generation for Flow-Based Intrusion Detection Systems
Network Intrusion Detection Systems (NIDS) have been studied in research for almost four decades. Yet, despite thousands of papers claiming scientific advances, a non-negligible number of recent works suggest that the findings of prior literature may be questionable. At the root of such a...
Pentest-scripts
Pentest-scripts Personal repository with offensive secur...
Linux Distros Unpatched Vulnerability : CVE-2023-4018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper...
Auto-SGCR: Automated Generation of Smart Grid Cyber Range Using IEC 61850 Standard Models
Digitalization of power grids has made them increasingly susceptible to cyber-attacks in the past decade. Iterative cybersecurity testing is indispensable to counter emerging attack vectors and to ensure dependability of critical infrastructure. Furthermore, these can be used to evaluate...
Rockwell Automation Arena Code Execution Vulnerability
Rockwell Automation Arena is a discrete-event simulation software developed by Rockwell Automation for a wide range of manufacturing, logistics, and service industries. A code execution vulnerability exists in Rockwell Automation Arena, which is caused by out-of-bounds writes to specially crafted...