EUVD-2023-35131

Improper buffer restrictions in IntelR Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

Exploit for CVE-2025-67303

ComfyUI Custom Node - AI Enhancement This is a custom node fo...

PT-2026-3196

Name of the Vulnerable Software and Affected Versions Process Optimization affected versions not specified Description An authenticated attacker with standard user privileges can modify Process Optimization project files, insert code, and potentially gain the privileges of a user who interacts wi...

MiracleLinux 8 : firefox-128.10.1-1.el8_10.ML.1 (AXSA:2025-9963:16)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9963:16 advisory. firefox: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: Out-of-bounds access when optimizing linear sums CVE-2025-4919...

PT-2026-3197

Name of the Vulnerable Software and Affected Versions Process Optimization application suite affected versions not specified Description The Process Optimization application suite uses connection channels and protocols that are not encrypted by default. This could allow for data hijacking or...

SecureCAI: Injection-Resilient LLM Assistants for Cybersecurity Operations

Large Language Models have emerged as transformative tools for Security Operations Centers, enabling automated log analysis, phishing triage, and malware explanation; however, deployment in adversarial cybersecurity environments exposes critical vulnerabilities to prompt injection attacks where...

CVE-2021-41825

Verint Workforce Optimization WFO 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter...

CVE-2022-0969

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...

CVE-2019-2183

In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2020-10437

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/optimize-database.php by adding a question mark ? followed by the payload...

CVE-2023-25706

Cross-Site Request Forgery CSRF vulnerability in Pagup WordPress Robots.Txt optimization plugin = 1.4.5 versions...

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVE-2022-23628

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-41768

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...

CVE-2024-39725

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

CVE-2024-41767

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

NREL BEopt 代码问题漏洞

NREL BEopt is a residential building energy efficiency program calculator from the NREL organization in the United States. A code issue vulnerability exists in NREL BEopt version 2.8.0.0, which stems from an insecure library load that could lead to a DLL hijacking attack...

AZL-73506 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary IBM Event Processing was affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2025-57752 DESCRIPTION: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0....