8 matches found
A Protocol-Language Model for Network Intrusion (Without Deep Packet Inspection)
Modern network intrusion detection systems NIDS are caught in a structural contradiction: the protocols carrying the highest threat intelligence are precisely those encrypted under TLS 1.3 and QUIC, where payload inspection yields nothing. We ask a simpler question -- what if the attack signature...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the derivation of a loopback MCP owner context from a server-issued bearer token that can be spoofed in the request header, which can be exploited by an attacke...
Moderate: luksmeta security update
LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The luksmeta package is a dependency of the clevis and tang packages, together providing the Network Bound Disk Encryption NBDE in AlmaLinux. Security Fixes: luksmeta: Data corruption when handling LUKS1 partitions with...
CVE-2025-66311 Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...
CVE-2025-66311 Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...
CVE-2025-66311
CVE-2025-66311 refers to a Stored XSS vulnerability in Grav’s admin interface. The issue is in the "/admin/pages/[page]" endpoint where un sanitized input could be injected into data[header][metadata], data[header][taxonomy][category], and data[header][taxonomy][tag], with payloads stored in page...
CVE-2025-66311 Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...
[SECURITY] Fedora 42 Update: luksmeta-10-1.fc42
LUKSMeta is a command line utility for storing small portions of metadata in the LUKSv1 header for use before unlocking the volume...