11200 matches found

Packet Storm News
added 2025/12/24 12:0 a.m., 3 views

Assessing the Software Security Comprehension of Large Language Models

Large language models (LLMs) are increasingly used in software development, but their level of software security expertise remains unclear. This work systematically evaluates the security comprehension of five leading LLMs: GPT-4o-Mini, GPT-5-Mini, Gemini-2.5-Flash, Llama-3.1, and Qwen-2.5, using...

AI score: 7.1
Exploits: 0

The Hacker News
added 2025/12/23 11:30 a.m., 9 views

Passwd: A walkthrough of the Google Workspace Password Manager

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasize...

AI score: 6.4
Exploits: 0

RedhatCVE
added 2025/12/22 7:21 a.m., 4 views

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVSS: 6.9, AI score: 7.1, EPSS: 0.00293
Exploits: 0, References: 1

Patchstack
added 2025/12/22 5:13 a.m., 3 views

WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin BWL Knowledge Base Manager versions <= 1.6.3...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00024
Exploits: 0, Affected Software: 1

Packet Storm News
added 2025/12/21 12:0 a.m., 2 views

DREAM: Dynamic Red-Teaming across Environments for AI Models

Large Language Models (LLMs) are increasingly used in agentic systems, where their interactions with diverse tools and environments create complex, multi-stage safety challenges. However, existing benchmarks mostly rely on static, single-turn assessments that miss vulnerabilities from adaptive,...

AI score: 7.5
Exploits: 0

NVD
added 2025/12/18 10:15 p.m., 3 views

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVSS: 6.9, EPSS: 0.00293
Exploits: 0, References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52356

Name of the Vulnerable Software and Affected Versions: Google Cloud Dialogflow CX Messenger versions prior to August 20th, 2025. Description: An authentication bypass issue in Google Cloud Dialogflow CX Messenger permitted unauthorized users to interact with restricted chat agents. This allowed acce...

CVSS: 6.9, AI score: 6.5, EPSS: 0.00293
Exploits: 0, References: 4

RedhatCVE
added 2025/12/17 10:8 p.m., 11 views

CVE-2025-64520

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00038
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/12/17 12:12 p.m., 7 views

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Match 360 On Cloud Pak for Data

Summary: Lineage, an internal component of IBM Knowledge Catalog, and the IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-53057 DESCRIPTION: An unspecified vulnerability i...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00068
Exploits: 0, Affected Software: 1

NVD
added 2025/12/16 10:15 p.m., 2 views

CVE-2025-64520

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS: 6.5, EPSS: 0.00038
Exploits: 0, References: 2

OSV
added 2025/12/16 10:15 p.m., 0 views

UBUNTU-CVE-2025-64520

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00038
Exploits: 0, References: 4

Cvelist
added 2025/12/16 9:59 p.m., 16 views

CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS: 6.5, EPSS: 0.00038
Exploits: 0, References: 2

EUVD
added 2025/12/16 9:59 p.m., 2 views

EUVD-2025-203855

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00038
Exploits: 0, References: 2

Vulnrichment
added 2025/12/16 9:59 p.m., 1 view

CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00038
Exploits: 0, References: 2

CVE
added 2025/12/16 9:59 p.m., 11 views

CVE-2025-64520

GLPI CVE-2025-64520 affects versions 9.1.0 up to (but not including) 10.0.21, where an unauthorized API user can read all knowledge base entries. Root cause: insufficient API authorization. Impact: confidentiality high; integrity/availability not affected per disclosure. Remediation: upgrade to 1...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00038
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/12/16 9:59 p.m., 2 views

CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00038
Exploits: 0, References: 4

CNNVD
added 2025/12/16 12:0 a.m., 1 view

GLPI security vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00038
Exploits: 0, References: 2

Positive Technologies
added 2025/12/16 12:0 a.m., 2 views

PT-2025-51790

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.20. Description: An unauthorized user with API access can read all knowledge base entries. The issue affects GLPI versions starting from 9.1.0 and prior to 10.0.21. The affected API allows unauthorized access to knowledge base...

CVSS: 6.5, AI score: 6.4, EPSS: 0.0007
Exploits: 0, References: 10

CNNVD
added 2025/12/11 12:0 a.m., 2 views

MaxKB race condition vulnerability

MaxKB is an open source knowledge base question-and-answer system from 1Panel-dev, based on a large language model and RAG. A race condition vulnerability exists in MaxKB 2.3.1 and earlier versions, which stems from a tool module that allows an attacker to escape the sandbox...

CVSS: 10, AI score: 6.7, EPSS: 0.00047
Exploits: 0, References: 3

NVD
added 2025/12/09 6:16 p.m., 1 view

CVE-2025-64447

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute...

CVSS: 8.1, EPSS: 0.00189
Exploits: 0, References: 1