CVE-2026-23522
CVE-2026-23522 affects LobeChat. Prior to version 2.0.0-next.193, the tRPC endpoint knowledgeBase.removeFilesFromKnowledgeBase lacks ownership verification because the userId filter in the DB query is commented out, enabling an authenticated user to delete files from other users’ knowledge bases ...
CrawlChat security vulnerability
CrawlChat is an open-source tool developed by CrawlChat that combines web scrapers with AI chatbots. Versions of CrawlChat prior to 0.0.8 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks in CrawlChat’s Discord bot, allowing non-managed server...
PT-2026-3503
Name of the Vulnerable Software and Affected Versions: CrawlChat versions prior to 0.0.8. Description: CrawlChat is a platform that converts technical documentation into intelligent chatbots. Before version 0.0.8, a missing permission check in the Discord bot component allowed users without...
PT-2026-3454
Name of the Vulnerable Software and Affected Versions: LobeChat versions prior to 2.0.0-next.193. Description: LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, the knowledgeBase.removeFilesFromKnowledgeBase tRPC endpoint allows authenticated users to delete file...
AI and the Corporate Capture of Knowledge
More than a decade after Aaron Swartz's death, the United States is still living inside the contradiction that destroyed him. Swartz believed that knowledge, especially publicly funded knowledge, should be freely accessible. Acting on that, he downloaded thousands of academic articles from the...
CVE-2025-64516
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...
AmbShield: Enhancing Physical Layer Security with Ambient Backscatter Devices against Eavesdroppers
Passive eavesdropping compromises confidentiality in wireless networks, especially in resource-constrained environments where heavyweight cryptography is impractical. Physical layer security (PLS) exploits channel randomness and spatial selectivity to confine information to an intended receiver wit...
2026-01 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5073723)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
2026-01 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5073724)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2026-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5073457)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
KryptoPilot: An Open-World Knowledge-Augmented LLM Agent for Automated Cryptographic Exploitation
Capture-the-Flag (CTF) competitions play a central role in modern cybersecurity as a platform for training practitioners and evaluating offensive and defensive techniques derived from real-world vulnerabilities. Despite recent advances in large language models (LLMs), existing LLM-based agents remain...
LINEture: Novel Signature Cryptosystem
We propose a novel digital signature cryptosystem that exploits the concept of the brute-force problem. To ensure the security of the cryptosystem, we employed several mechanisms: sharing a common secret for factorable permutations, associating permutations with the message being signed, and...
ZkRansomware: Proof-Of-Data Recoverability and Multi-Round Game Theoretic Modeling of Ransomware Decisions
Ransomware is still one of the most serious cybersecurity threats. Victims often pay but fail to regain access to their data, while also facing the danger of losing data privacy. These uncertainties heavily shape the attacker-victim dynamics in decision-making. In this paper, we introduce and...
CVE-2009-4192
Directory traversal vulnerability in dialog/filemanager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2017-12647
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title...
CVE-2019-2660
Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Setup, Admin). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker wi...
CVE-2021-2198
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
Knowledge-Driven Multi-Turn Jailbreaking on Large Language Models
Large Language Models (LLMs) face a significant threat from multi-turn jailbreak attacks, where adversaries progressively steer conversations to elicit harmful outputs. However, the practical effectiveness of existing attacks is undermined by several critical limitations: they struggle to maintain ...
CurricuLLM: Designing Personalized and Workforce-Aligned Cybersecurity Curricula Using Fine-Tuned LLMs
The cybersecurity landscape is constantly evolving, driven by increased digitalization and new cybersecurity threats. Cybersecurity programs often fail to equip graduates with skills demanded by the workforce, particularly concerning recent developments in cybersecurity, as curriculum design is...
CVE-2026-22539
CVE-2026-22539 describes an information disclosure in OCPP v1.6 where service interactions occur without authentication, allowing an attacker with protocol knowledge to obtain charger information. Red Hat, NVD, CVE List and other sources corroborate that the issue affects Efacec QC charging posts...