Lucene search

11217 matches found

OSV
added 2025/12/16 10:15 p.m., 0 views

UBUNTU-CVE-2025-64520

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits: 0, References: 4
Cvelist
added 2025/12/16 9:59 p.m., 16 views

CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5, EPSS 0.00038
Exploits: 0, References: 2
EUVD
added 2025/12/16 9:59 p.m., 2 views

EUVD-2025-203855

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5, AI score 6.2, EPSS 0.00038
Exploits: 0, References: 2
Vulnrichment
added 2025/12/16 9:59 p.m., 1 views

CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5, AI score 6.3, EPSS 0.00038
Exploits: 0, References: 2
CVE
added 2025/12/16 9:59 p.m., 11 views

CVE-2025-64520

GLPI CVE-2025-64520 affects versions 9.1.0 up to (but not including) 10.0.21, where an unauthorized API user can read all knowledge base entries. Root cause: insufficient API authorization. Impact: confidentiality high; integrity/availability not affected per disclosure. Remediation: upgrade to 1...

CVSS 6.5, AI score 6.3, EPSS 0.00038
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2025/12/16 9:59 p.m., 2 views

CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 4
CNNVD
added 2025/12/16 12:00 a.m., 1 views

GLPI security vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 6.5, AI score 6.3, EPSS 0.00038
Exploits: 0, References: 2
Positive Technologies
added 2025/12/16 12:00 a.m., 2 views

PT-2025-51790

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.20. Description: An unauthorized user with API access can read all knowledge base entries. The issue affects GLPI versions 9.1.0 and prior to 10.0.21. The affected API allows unauthorized access to knowledge base...

CVSS 6.5, AI score 6.4, EPSS 0.0007
Exploits: 0, References: 10
CNNVD
added 2025/12/11 12:00 a.m., 2 views

MaxKB race condition vulnerability

MaxKB is an open source knowledge base question and answer system from 1Panel-dev, based on a large language model and RAG. A race condition vulnerability exists in MaxKB 2.3.1 and earlier versions, which stems from a tool module that allows an attacker to escape the sandbox...

CVSS 10, AI score 6.7, EPSS 0.00047
Exploits: 0, References: 3
NVD
added 2025/12/09 6:16 p.m., 1 views

CVE-2025-64447

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute...

CVSS 8.1, EPSS 0.00189
Exploits: 0, References: 1
Microsoft Security Update
added 2025/12/09 6:00 p.m., 24 views

2025-12 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5071544)

2025-12 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5071544...

AI score 7
Exploits: 0
Microsoft Security Update
added 2025/12/09 6:00 p.m., 14 views

2025-12 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5071544)

2025-12 Cumulative Update for Windows 10 Version 1809 for x64-based Systems KB5071544...

AI score 7
Exploits: 0
CVE
added 2025/12/09 5:18 p.m., 15 views

CVE-2025-64447

CVE-2025-64447 involves a cookie validation flaw in Fortinet FortiWeb. Affected products are FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, and 7.0.0–7.0.11. The root cause is insufficient validation and integrity checking of cookies, allowing an unauthenticated attacker to perfor...

CVSS 8.1, AI score 7.2, EPSS 0.00189
Exploits: 0, References: 1, Affected Software: 1
Kaspersky
added 2025/12/09 12:00 a.m., 5 views

KLA90816 ACE vulnerability in Microsoft Copilot Plugin

A remote code execution vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2025-64671. Related products: GitHub-Copilot-Plugin. CVE list: CVE-2025-64671 critical. KB list. Solution: Install necessary...

CVSS 8.4, AI score 8.7, EPSS 0.00137
Exploits: 0, References: 3
Kaspersky
added 2025/12/09 12:00 a.m., 10 views

KLA90815 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange Server can be exploited remotely to spoof us...

CVSS 7.5, AI score 7.2, EPSS 0.00049
Exploits: 0, References: 5
CNNVD
added 2025/12/08 12:00 a.m., 2 views

Memos security vulnerability

Memos is a Memos open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version v0.25.2, which stems from improper access control of the Identity Provider service and could lead to account takeover or denial of service...

CVSS 6.5, AI score 6.4, EPSS 0.00129
Exploits: 1, References: 5
CNNVD
added 2025/12/08 12:00 a.m., 1 views

Galaxy Software Services Vitals ESP SQL injection vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that stems from SQL command injection and could result in reading the contents of the database...

CVSS 7.1, AI score 8.1, EPSS 0.0004
Exploits: 0, References: 2
CNNVD
added 2025/12/08 12:00 a.m., 2 views

Galaxy Software Services Vitals ESP security vulnerability

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP that originates from absolute path traversal and could lead to arbitrary file reading...

CVSS 6.9, AI score 6.8, EPSS 0.00058
Exploits: 0, References: 2
Packet Storm News
added 2025/12/05 12:00 a.m., 4 views

The Road of Adaptive AI for Precision in Cybersecurity

Cybersecurity's evolving complexity presents unique challenges and opportunities for AI research and practice. This paper shares key lessons and insights from designing, building, and operating production-grade GenAI pipelines in cybersecurity, with a focus on the continual adaptation required to...

AI score 6.7
Exploits: 0
Packet Storm News
added 2025/12/02 12:00 a.m., 4 views

A Wolf in Sheep's Clothing: Bypassing Commercial LLM Guardrails Via Harmless Prompt Weaving and Adaptive Tree Search

Large language models (LLMs) remain vulnerable to jailbreak attacks that bypass safety guardrails to elicit harmful outputs. Existing approaches overwhelmingly operate within the prompt-optimization paradigm: whether through traditional algorithmic search or recent agent-based workflows, the...

AI score 7.1
Exploits: 0