Lucene search

3391 matches found

Positive Technologies
added 2025/10/29 12:0 a.m., 5 views

PT-2025-44300

Name of the Vulnerable Software and Affected Versions: Blu-Castle BCUM221E version 1.0.0P220507. Description: A Cross-Site Request Forgery (CSRF) issue exists in the administrative web GUI. This can be exploited through various methods, including a crafted URL, loading an image, or using an...

CVSS 4.6, AI score 7.3, EPSS 0.00135
Exploits: 0, References: 5

Packet Storm News
added 2025/10/27 12:0 a.m., 5 views

Agentic AI Security: Threats, Defenses, Evaluation, and Open Challenges

Agentic AI systems powered by large language models (LLMs) and endowed with planning, tool use, memory, and autonomy, are emerging as powerful, flexible platforms for automation. Their ability to autonomously execute tasks across web, software, and physical environments creates new and amplified...

AI score 7
Exploits: 0

GithubExploit
added 2025/10/26 4:54 p.m., 112 views

sql_injection_analyzer

sqlinjectionanalyzer This is a comprehensive educational t...

AI score 7.9
Exploits: 0

IBM Security Bulletins
added 2025/10/24 6:51 a.m., 5 views

Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-security-core-6.4.5.jar (CVE-2025-41232)

Summary: IBM Sterling Control Center is affected by a vulnerability (CVE-2025-41232) in spring-security-core-6.4.5.jar. Vulnerability Details: CVEID: CVE-2025-41232. DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an...

CVSS 9.1, AI score 6.7, EPSS 0.00516
Exploits: 0, Affected Software: 1

Packet Storm News
added 2025/10/24 12:0 a.m., 6 views

Enhanced MLLM Black-Box Jailbreaking Attacks and Defenses

Multimodal large language models (MLLMs) comprise both visual and textual modalities to process vision language tasks. However, MLLMs are vulnerable to security-related issues, such as jailbreak attacks that alter the model's input to induce unauthorized or harmful responses. The incorporation o...

AI score 6.8
Exploits: 0

Mageia
added 2025/10/22 8:7 p.m., 9 views

Updated python-django packages fix a security vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVSS 9.8, AI score 8, EPSS 0.00863
Exploits: 0, References: 2

GithubExploit
added 2025/10/21 9:32 p.m., 367 views

Exploit for Incorrect Comparison in Dynamic-Linq Linq

🐞 CVE-2023-32571 - System.Linq.Dynamic.Core Remote Code Execut...

CVSS 9.8, AI score 10, EPSS 0.34904
Exploits: 4

Packet Storm News
added 2025/10/20 12:0 a.m., 9 views

Multimodal Safety Is Asymmetric: Cross-Modal Exploits Unlock Black-Box MLLMs Jailbreaks

Multimodal large language models (MLLMs) have demonstrated significant utility across diverse real-world applications. But MLLMs remain vulnerable to jailbreaks, where adversarial inputs can collapse their safety constraints and trigger unethical responses. In this work, we investigate jailbreaks i...

AI score 7.2
Exploits: 0

Packet Storm News
added 2025/10/17 12:0 a.m., 7 views

When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking

The remarkable capabilities of Large Language Models (LLMs) in natural language understanding and generation have sparked interest in their potential for cybersecurity applications, including password guessing. In this study, we conduct an empirical investigation into the efficacy of pre-trained LL...

AI score 7.1
Exploits: 0

RedhatCVE
added 2025/10/15 5:44 p.m., 4 views

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 6.9, EPSS 0.00249
Exploits: 0, References: 1

EUVD
added 2025/10/14 10:24 p.m., 3 views

EUVD-2025-34458

Parse Javascript SDK vulnerable to prototype pollution in Parse.Object and internal APIs...

CVSS 6.4, AI score 6.4, EPSS 0.00374
Exploits: 0, References: 5

NVD
added 2025/10/14 8:15 p.m., 10 views

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations internal...

CVSS 6.4, EPSS 0.00374
Exploits: 0, References: 4

CVE
added 2025/10/14 8:6 p.m., 11 views

CVE-2025-62374

CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...

CVSS 6.4, AI score 7.2, EPSS 0.00374
Exploits: 0, References: 4

EUVD
added 2025/10/14 6:30 p.m., 3 views

EUVD-2025-34271

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 9.1, EPSS 0.00249
Exploits: 0, References: 2

EUVD
added 2025/10/14 6:30 p.m., 5 views

EUVD-2025-34369

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 9.1, EPSS 0.00344
Exploits: 0, References: 2

NVD
added 2025/10/14 5:16 p.m., 6 views

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, EPSS 0.00249
Exploits: 0, References: 1

OSV
added 2025/10/14 5:16 p.m., 1 views

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 5.7, EPSS 0.00249
Exploits: 0, References: 1

NVD
added 2025/10/14 5:16 p.m., 3 views

CVE-2025-59275

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, EPSS 0.00249
Exploits: 0, References: 1

OSV
added 2025/10/14 5:16 p.m., 4 views

CVE-2025-59277

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 5.8, EPSS 0.00344
Exploits: 0, References: 1

Microsoft KB
added 2025/10/14 2:0 p.m., 12 views

.NET 9.0 Update - October 14, 2025 (KB5068332)

.NET 9.0 Update - October 14, 2025 (KB5068332). .NET 9.0 has been refreshed with the latest update as of October 14, 2025. This update contains security and non-security fixes. See the release notes for details about updated packages. .NET 9.0 servicing updates are upgrades. The latest servicing upda...

CVSS 9.9, AI score 6.7, EPSS 0.66258
Exploits: 5