3789 matches found
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
EUVD-2025-203725
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure XFD state on signal delivery Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: fpu__clear_user_states+0x9c/0x100...
PT-2025-51764
Name of the Vulnerable Software and Affected Versions Apache Commons Text versions prior to 1.10.0 FileMaker Server versions prior to 22.0.4 Description Apache Commons Text versions prior to 1.10.0 contain interpolation features that could be exploited when applications process untrusted input...
Behavior-Aware and Generalizable Defense against Black-Box Adversarial Attacks for ML-Based IDS
Machine learning based intrusion detection systems are increasingly targeted by black box adversarial attacks, where attackers craft evasive inputs using indirect feedback such as binary outputs or behavioral signals like response time and resource usage. While several defenses have been proposed...
PHANTOM: Progressive High-Fidelity Adversarial Network for Threat Object Modeling
The scarcity of cyberattack data hinders the development of robust intrusion detection systems. This paper introduces PHANTOM, a novel adversarial variational framework for generating high-fidelity synthetic attack data. Its innovations include progressive training, a dual-path VAE-GAN...
EUVD-2025-202928
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json includes user input in the error message, which gets reflected in responses. User input including HTML/JavaScript can be exposed in error...
CVE-2025-42875
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...
Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28040)
The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28040 advisory. - netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38712798] {CVE-2025-38678} - ice: fix using untrusted value of...
EUVD-2025-201958
Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data. This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.12...
EUVD-2025-201852
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...
CVE-2025-63071 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data. This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.15...
Exposing Vulnerabilities in Counterfeit Prevention Systems Utilizing Physically Unclonable Surface Features
Counterfeit products pose significant risks to public health and safety through infiltrating untrusted supply chains. Among numerous anti-counterfeiting techniques, leveraging inherent, unclonable microscopic irregularities of paper surfaces is an accurate and cost-effective solution. Prior work ...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1316)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1316 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 In the Linux kernel, the following...
Memos security vulnerability
Memos is an open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control of the Identity Provider service and could lead to account takeover or denial of service...
awesome-burp-extensions
This is a curated list of Burp Extensions, a collection of user-submitted plugins for the Burp Suite web application security testing tool. The repository is maintained under a CC0 1.0 Universal license, allowing for the permanent relinquishment of copyright and related rights to the works...
Deep Reinforcement Learning for Phishing Detection with Transformer-Based Semantic Features
Phishing is a cybercrime in which individuals are deceived into revealing personal information, often resulting in financial loss. These attacks commonly occur through fraudulent messages, misleading advertisements, and compromised legitimate websites. This study proposes a Quantile Regression De...
CVE-2025-66238
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...
EUVD-2025-201312
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...
Adobe Experience Manager (AEM) Sling Login Panel Detected
This plugin detects the presence of the Adobe Experience Manager AEM Sling Login panel on a web application. The Sling Login panel is part of the Apache Sling framework used by AEM for content delivery and management, providing authentication and access control features. No source data...