11221 matches found
CVE-2025-10346
CVE-2025-10346 affects Perfex CRM v3.2.1 with a stored HTML injection in the knowledge_base/article endpoint. The vulnerability arises from insufficient input validation of the subject parameter, allowing an attacker to inject arbitrary HTML via a POST request. Multiple sources corroborate this: ...
PT-2025-39835
Name of the Vulnerable Software and Affected Versions: VMware Tools for Windows (affected versions not specified). Description: VMware Tools contains an improper authorisation issue related to how it manages user access controls. A malicious actor with non-administrative privileges on a guest virtual...
PT-2025-39819
Name of the Vulnerable Software and Affected Versions: Perfex CRM version 3.2.1. Description: A stored HTML injection issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request with malicious content in the subject parameter to the ''/knoewled...
Perfex CRM Cross-Site Scripting Vulnerability
Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...
Uncovering Vulnerabilities of LLM-Assisted Cyber Threat Intelligence
Large Language Models (LLMs) are intensively used to assist security analysts in counteracting the rapid exploitation of cyber threats, wherein LLMs offer cyber threat intelligence (CTI) to support vulnerability assessment and incident response. While recent work has shown that LLMs can support a wid...
The Impact of Audio Watermarking on Audio Anti-Spoofing Countermeasures
This paper presents the first study on the impact of audio watermarking on spoofing countermeasures. While anti-spoofing systems are essential for securing speech-based applications, the influence of widely used audio watermarking, originally designed for copyright protection, remains largely...
Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Match 360 On Cloud Pak for Data
Summary: Lineage, an internal component of IBM Knowledge Catalog, and the IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have now been addressed. Vulnerability Details: CVEID: CVE-2025-50059. DESCRIPTION: Vulnerability in the Oracle Jav...
How Far Are We? An Empirical Analysis of Current Vulnerability Localization Approaches
Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional manual detection methods face significant scalability challenges when processing large volumes of commit histories, while being...
MAL-2025-47327 Malicious code in mcp-knowledge-graph (npm)
The package was compromised and malicious code added. Source: ghsa-malware 7e385978fdd606a1cfafadbcf800ed35523992d9a683305fcca51a6f12ea8b0f. Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47326 Malicious code in mcp-knowledge-base (npm)
The package was compromised and malicious code added. Source: ghsa-malware d4724282166039be3118847ca134f1f7cabc4997246050c1b2a195ad521ed995. Any computer that has this package installed or running should be considered fully compromised. All...
Malicious code in mcp-knowledge-base (npm)
The package was compromised and malicious code added. Source: ghsa-malware d4724282166039be3118847ca134f1f7cabc4997246050c1b2a195ad521ed995. Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
offensiveinterview
It is an offensive tool for penetration testing and red teaming. The repository contains a collection of interview questions to screen offensive red team/pentest candidates, categorized into open-ended, knowledge-based, and scenario-based questions. The questions cover various topics such as...
Microsoft Office 2016 RCE Vulnerability (KB5002576)
This host is missing a critical security update according to Microsoft KB5002576...
2025-09 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5065428)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
2025-09 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5065429)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-09 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5065429)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
2025-09 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5065306)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information...
2025-09 Dynamic Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5065429)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...