CVE-2025-13469
CVE-2025-13469 affects Public Knowledge Project platforms PKP OJS/OMP/OPS (versions 3.3.0/3.4.0/3.5.0) where an attacker can trigger cross-site scripting (XSS) by manipulating the argument manualInstructions in the file plugins/paymethod/manual/templates/paymentForm.tpl under the Payment Instru...
Public Knowledge Project Platform OJS/OMP/OPS Code Injection Vulnerability
Public Knowledge Project Platform OJS/OMP/OPS (PKP Platform OJS/OMP/OPS) is an open source publishing platform from Public Knowledge Project, Inc. A code injection vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS, which stems from an incorrect manipulation of parameter...
An Evaluation Framework for Network IDS/IPS Datasets: Leveraging MITRE ATT&CK and Industry Relevance Metrics
The performance of Machine Learning (ML) and Deep Learning (DL)-based Intrusion Detection and Prevention Systems (IDS/IPS) is critically dependent on the relevance and quality of the datasets used for training and evaluation. However, current AI model evaluation practices for developing IDS/IPS focus...
BackWeak: Backdooring Knowledge Distillation Simply with Weak Triggers and Fine-Tuning
Knowledge Distillation (KD) is essential for compressing large models, yet relying on pre-trained "teacher" models downloaded from third-party repositories introduces serious security risks -- most notably backdoor attacks. Existing KD backdoor methods are typically complex and computationally...
Retrofit: Continual Learning with Bounded Forgetting for Security Applications
Modern security analytics are increasingly powered by deep learning models, but their performance often degrades as threat landscapes evolve and data representations shift. While continual learning (CL) offers a promising paradigm to maintain model effectiveness, many approaches rely on full...
CVE-2025-64711
CVE-2025-64711 affects PrivateBin versions 1.7.7–2.0.3. A drag-and-drop filename containing HTML is rendered as HTML in the drag-and-drop helper, enabling self‑XSS in the victim’s session on macOS/Linux when file uploads are enabled. An attacker must entice the user to attach a maliciously named ...
CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...
MaxKB Information Disclosure Vulnerability
MaxKB is an open source knowledge base question and answer system from 1Panel-dev, based on a large language model and RAG. An information disclosure vulnerability exists in MaxKB versions prior to 2.3.1, which stems from the fact that users can obtain sensitive information via Python code i...
2025-11 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5068781)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5068781)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-11 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5068781)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-11 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5068864)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
2025-11 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5068781)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
2025-11 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5068840)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information...
CVE-2025-24862
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable data...
KG-DF: A Black-Box Defense Framework against Jailbreak Attacks Based on Knowledge Graphs
With the widespread application of large language models (LLMs) in various fields, the security challenges they face have become increasingly prominent, especially the issue of jailbreak. These attacks induce the model to generate erroneous or uncontrolled outputs through crafted inputs, threatenin...
RAG-Targeted Adversarial Attack on LLM-Based Threat Detection and Mitigation Framework
The rapid expansion of the Internet of Things (IoT) is reshaping communication and operational practices across industries, but it also broadens the attack surface and increases susceptibility to security breaches. Artificial Intelligence has become a valuable solution in securing IoT networks, wit...
Large Language Models for Explainable Threat Intelligence
As cyber threats continue to grow in complexity, traditional security mechanisms struggle to keep up. Large language models (LLMs) offer significant potential in cybersecurity due to their advanced capabilities in text processing and generation. This paper explores the use of LLMs with...
Microsoft Fixes Long-Standing ‘Update and Shut Down’ Bug in Windows 11
Your Windows 11 PC will finally shut down! Learn about the KB5067036 update that fixes the decades-old restart glitch, plus new features like faster search and simpler update names...