LLM-Assisted Deanonymization
Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of...
EUVD-2024-55078
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country,...
EUVD-2020-17806
Malware in sbrugna...
EUVD-2023-51348
Malicious code in bioql PyPI...
Code-Projects Food Ordering Review System Injection Vulnerability
Code-Projects Food Ordering Review System is a Code-Projects open source food ordering review system. An injection vulnerability exists in Code-Projects Food Ordering Review System version 1.0, which originates from SQL injection due to incorrect operation of the parameter occupation in the file...
Malicious code in ent-widget-occupation (npm)
Source: ghsa-malware 8ea664a8546797ec435ec8725f1fce33acd75fc620565baa7327765abaf9ea08. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-47216
In OpenHarmony v3.2.2 and prior versions, a local attacker can cause a DoS by occupying all resources...
Design/Logic Flaw
In OpenHarmony v3.2.2 and prior versions, a local attacker can cause a DoS by occupying all resources...
Russia Is Taking Over Ukraine’s Internet
In occupied Ukraine, people’s internet is being routed to Russia—and subjected to its powerful censorship and surveillance machine...
CVE-2022-1473
Summary: CVE-2022-1473 concerns a bug in the OPENSSL_LH_flush() function in OpenSSL 3.0 that breaks reuse of memory for removed hash table entries, used when decoding certificates or keys, leading to unbounded memory growth and potential DoS in long-lived processes (e.g., TLS clients/servers). Wh...
U.S. Dept Of Defense: Exposure of Private Personal Information to an Unauthorized Actor - PII and soldier data (mos, schools, and speciality training)
The vulnerability exposed private personal information of soldiers, including their last four digits of Social Security number, home of record, military occupation specialty, and school records, to unauthorized users on the https://█████████/SelfService/home/selfservice website. The vulnerability...
CVE-2021-22569
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated...
CVE-2021-44937
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /publichtml/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied...
Design/Logic Flaw
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /publichtml/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied...
Updated xstream packages fix security vulnerabilities
In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream (CVE-2021-21341)...
Stripo Inc: Bypass of #1047119: Missing Rate Limit while creating Plug-Ins at https://my.stripo.email/cabinet/plugins/
Summary: I have found a bypass for the report https://hackerone.com/reports/1047119. It seems that a proper fix was not issued, therefore the issue still remains. Steps To Reproduce: 1. Create a Plug-In and capture the request. 2. Send this to Intruder. 3. Follow the rest in the Video POC. POC Video...
vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50933)
vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the occupation title or description in t...
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager...