Clouding the Mirror: Stealthy Prompt Injection Attacks Targeting LLM-Based Phishing Detection
Phishing sites continue to grow in volume and sophistication. Recent work leverages large language models (LLMs) to analyze URLs, HTML, and rendered content to decide whether a website is a phishing site. While these approaches are promising, LLMs are inherently vulnerable to prompt injection (PI)...
EUVD-2014-5270
Malware in sbrugna...
EUVD-2007-3619
Malware in sbrugna...
EUVD-2013-1786
Malware in sbrugna...
EUVD-2015-3087
Malware in sbrugna...
EUVD-2018-0506
Malware in sbrugna...
EUVD-2022-1227
Malicious code in bioql PyPI...
WordPress WP LOL Rotation <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin WP LOL Rotation versions <= 1.0...
WordPress Search with Typesense plugin <= 2.0.10 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Search with Typesense versions <= 2.0.10...
WordPress WPCHURCH plugin <= 2.7.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Phúc ton luoi in WordPress Plugin WPCHURCH versions <= 2.7.0...
CVE-2025-22479
Summary: CVE-2025-22479 affects Dell Storage Center / Dell Storage Manager, version 20.0.21. The root cause is an improper limitation of a pathname to a restricted directory, i.e., a path traversal that could allow an unauthenticated, adjacent-network attacker to inject scripts. The public docume...
CVE-2025-2190
The mobile application com.transsnet.store has a man-in-the-middle attack vulnerability, which may lead to code injection risks...
CVE-2025-2190
CVE-2025-2190 affects the mobile app com.transsnet.store. Root cause per the CVE metadata is a man‑in‑the‑middle vulnerability that may enable code injection. CVSS v3.1 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 8.1 (HIGH). Multiple connected feeds corroborate the issue; no expli...
Vulnerabilities fixed in Mattermost
Mattermost fixed vulnerabilities in versions 10.4.x, 9.11.x, 10.3.x, 10.2.x and 10.1.x. The vulnerabilities include failure to invalidate active sessions when converting to a bot, incorrect input validation during board patching and duplication, SQL injection attacks due to lack of prepared...
Roundcube Webmail 1.6.x < 1.6.7 Multiples Vulnerabilities
According to its self-reported version number, Roundcube Webmail is prior to 1.5.7 or 1.6.x prior to 1.6.7. Therefore, it may be affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) via SVG animate attributes. - A Cross-Site Scripting (XSS) via list columns from user preferences. - A...
Jenkins plugins Multiple Vulnerabilities (2024-11-13)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform...
SUSE CVE-2006-3016
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting...