11 matches found
Malicious code in @zalastax/nolb-hai (npm)
The package @zalastax/nolb-hai was found to contain malicious code...
MAL-2025-11878 Malicious code in @zalastax/nolb-hai (npm)
The package @zalastax/nolb-hai was found to contain malicious code...
WordPress LiteSpeed Cache Plugin <= 5.7 is vulnerable to Cross Site Scripting (XSS)
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 5.7; Fixed in: 5.7.0.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40000; Patch priority: High; CVSS severity: High (8.3); Developer: Hai Zheng / Lite Speed Cache; PSID: 61e99b6b8264; Credits: Rafie Muhammad Patchsta...
HackerOne: LLM01: Invisible Prompt Injection
The report described a vulnerability in Hai's system involving invisible prompt injection via Unicode tag characters. The vulnerability allowed the submission of a test report with a fake report containing hidden characters, which could be used to inject prompts into the system's responses. The...
HackerOne: LLM03: Training Data Poisoning via ASCII decoding
Vulnerability description not provided...
hai-kongress.de Cross Site Scripting vulnerability OBB-3730104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 5.3; Fixed in: 5.3.1; OWASP Top 10: A6: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-46800; Patch priority: Low; CVSS severity: Low (5.4); Developer: Hai Zheng / Lite Speed Cache; PSID: 9f42f7c99015; Credits...
hai-hai.jp Cross Site Scripting vulnerability OBB-1449290
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Generalized SQL Injection Vulnerability in Abilify Multiservice Smart Gateway
Abilify Multi-service Smart Gateway is a product of Beijing Hai Rui Xing Ye Technology Co. A generic SQL injection vulnerability exists in Abilify Multi-service Smart Gateway. It allows attackers to utilize common SQL injection tools to obtain sensitive database information...
PHP using Shell.Application for program execution - vulnerability warning - the black bar safety net
On using Shell.Application to execute a program: there is an example in the Hai Duong to the top ASP trojan, which uses the ShellExecute method. Today I tried it with open, and that works too. The PHP code is as follows; I feel like I haven't seen related methods in PHP webshells. <?php $wsh =...
XSS with default page parameter in Oracle Portal 10g
XSS with default page parameter in Oracle Portal 10g. Discovered By: Phạm Đức Hải (Pham Duc Hai). Email: duchaikhtn at gmail dot com. YIM: kikicoco1985vn. Website: http://blog.ajaxviet.com. Description: When programmers code with Oracle Portal, they may use page parameters support...