Robustness Via Referencing: Defending against Prompt Injection Attacks by Referencing the Executed Instruction
Large language models (LLMs) have demonstrated impressive performance and have come to dominate the field of natural language processing (NLP) across various tasks. However, due to their strong instruction-following capabilities and inability to distinguish between instructions and data content, LLMs...
Did:Self a Registry-Less DID Method
We introduce did:self, a Decentralized Identifier (DID) method that does not depend on any trusted registry for storing the corresponding DID documents. Information for authenticating a did:self subject can be disseminated using any means and without making any security assumption about the deliver...
TriniMark: a Robust Generative Speech Watermarking Method for Trinity-Level Attribution
Whitepaper called TriniMark: A Robust Generative Speech Watermarking Method For Trinity-Level Attribution...
Exploit for Path Traversal in Zoneminder
CVE-2022-29806 ZoneMinder up to 1.36.12 Language privilege esc...
CVE-2025-3984 Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...
The vulnerability of the GetGateways method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the GetGateways method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...
CVE-2025-43855
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855
CVE-2025-43855 affects tRPC 11 WebSocket servers (versions 11.0.0–11.1.0) where validating malformed connectionParams can throw an unhandled error, crashing the server. Any unauthenticated user can trigger this on WebSocket-enabled servers with a createContext method. The issue has been patched i...
RUSTSEC-2025-0038 Out of bounds access in public safe API
Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...
AlegroCart 1.2.9 Cross Site Scripting
AlegroCart version 1.2.9 suffers from persistent and reflective cross-site scripting vulnerabilities. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Imag...
uri: userinfo leakage in URI#join, URI#merge and URI#+
A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...
Seeking Flat Minima over Diverse Surrogates for Improved Adversarial Transferability: a Theoretical Framework and Algorithmic Instantiation
Whitepaper called Seeking Flat Minima Over Diverse Surrogates For Improved Adversarial Transferability: A Theoretical Framework And Algorithmic Instantiation...
The vulnerability of the UpdateGateways method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the UpdateGateways method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...
The vulnerability of the UpdateUsers method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the UpdateUsers method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...
The vulnerability of the CreateProject method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the CreateProject method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...
The vulnerability of the VerifyUser method in the software for managing and monitoring remote objects in telemetry and telemechanics systems of the TeleControl Server Basic allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the VerifyUser method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...
PlayStation: Blu-ray Disc Java Sandbox Escape via two vulnerabilities
Two vulnerabilities in Blu-ray Disc Java (BD-J) related to the Inter-Xlet Communication (IXC) implementation were discovered. The first vulnerability allowed invoking methods in privileged context by registering a remote object that implements an interface extending java.rmi.Remote. The second...
Charting the Uncharted: the Landscape of Monero Peer-To-Peer Network
The Monero blockchain enables anonymous transactions through advanced cryptography in its peer-to-peer network, which underpins decentralization, security, and trustless interactions. However, privacy measures obscure peer connections, complicating network analysis. This study proposes a method t...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08363)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an SQL injection in the MigrateDatabase method, which can be exploited by an attacker to bypass authorizatio...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08350)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method CreateProject, which can be exploited by an attacker to bypass...