CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2025/10/21 12:0 a.m.•8 views

CLASP: Cost-Optimized LLM-Based Agentic System for Phishing Detection

Phishing websites remain a significant cybersecurity threat, necessitating accurate and cost-effective detection mechanisms. In this paper, we present CLASP, a novel system that effectively identifies phishing websites by leveraging multiple intelligent agents, built using large language models...

6.8AI score

OSV•added 2025/10/20 4:12 p.m.•0 views

SUSE-SU-2025:20867-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 - Disable LTO for userspace livepatching jscPED-13245...

7.5CVSS6.5AI score0.00037EPSS

CVE•added 2025/10/18 6:42 a.m.•7 views

CVE-2025-11519

The CVE concerns the Optimole WordPress plugin (image optimization service) up to version 4.1.0, where an Insecure Direct Object Reference exists through the /wp-json/optml/v1/move_image REST endpoint due to missing validation of a user-controlled key. This allows authenticated attackers with Aut...

4.3CVSS5.3AI score0.00034EPSS

Cvelist•added 2025/10/18 6:42 a.m.•6 views

CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...

4.3CVSS0.00034EPSS

Malwarebytes•added 2025/10/17 8:10 a.m.•5 views

Under the engineering hood: Why Malwarebytes chose WordPress as its CMS

It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. After all, WordPress is often associated with open-source plugins, community themes, and a wide range of deployment practices—some stronger than others. But that perception...

Securelist•added 2025/10/17 7:0 a.m.•5 views

SEO spam and hidden links: how to protect your website and your reputation

When analyzing the content of websites in an attempt to determine what category it belongs to, we sometimes get an utterly unexpected result. It could be the official page of a metal structures manufacturer or online flower shop, or, say, a law firm website, with completely neutral content, but o...

7.8AI score

Akamai Blog•added 2025/10/16 12:0 p.m.•3 views

How to Get Started with NVIDIA cuOpt

A simple guide to get started with cuOpt, an open source, GPU-accelerated solver for decision optimization...

Packet Storm News•added 2025/10/16 12:0 a.m.•5 views

A Novel GPT-Based Framework for Anomaly Detection in System Logs

Identification of anomalous events within system logs constitutes a pivotal element within the frame- work of cybersecurity defense strategies. However, this process faces numerous challenges, including the management of substantial data volumes, the distribution of anomalies, and the precision o...

6.8AI score

Packet Storm News•added 2025/10/15 12:0 a.m.•5 views

Injection, Attack and Erasure: Revocable Backdoor Attacks Via Machine Unlearning

Backdoor attacks pose a persistent security risk to deep neural networks DNNs due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detect...

7.1AI score

IBM Security Bulletins•added 2025/10/10 6:34 a.m.•4 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Apache Commons HttpClient before 4.2.3 allows man-in-the-middle attack

Summary Apache Commons HttpClient before 4.2.3 allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle...

5.8CVSS6.7AI score0.01248EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/10/09 2:41 p.m.•5 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Improper Access Control vulnerability in Apache Commons

Summary Apache Commons BeanUtils: PropertyUtilsBean Does Not Suppresses An Enum's DeclaredClass Property By Default. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...

8.8CVSS9.1AI score0.00258EPSS

Exploits1Affected Software1

Akamai Blog•added 2025/10/09 6:0 a.m.•2 views

Linode Kubernetes Engine Optimization: Save on Compute, Storage, and Networking

...

Packet Storm News•added 2025/10/08 12:0 a.m.•5 views

Are LLMs Reliable Rankers? Rank Manipulation Via Two-Stage Token Optimization

Large language models LLMs are increasingly used as rerankers in information retrieval, yet their ranking behavior can be steered by small, natural-sounding prompts. To expose this vulnerability, we present Rank Anything First RAF, a two-stage token optimization method that crafts concise textual...