2513 matches found
CVE-2025-4988
A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
SUSE-SU-2025:01787-1 Security update for bind
This update for bind fixes the following issues: Update to version 9.20.9. Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG (bsc1243361). CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...
CVE-2025-4988 Stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4988
CVE-2025-4988 is a stored XSS vulnerability affecting Dassault Systèmes’ Multidisciplinary Optimization Engineer (Results Analytics) for 3DEXPERIENCE R2022x through R2024x. The issue enables an attacker to cause arbitrary script execution in a user’s browser session via stored payloads in Results...
Dassault Systèmes Multidisciplinary Optimization Engineer cross-site scripting vulnerability
Dassault Systèmes Multidisciplinary Optimization Engineer is a software toolkit consisting of multiple applications from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes Multidisciplinary Optimization Engineer 3DEXPERIENCE R2022x through 3DEXPERIENCE R202...
PT-2025-23301 · Dsm · Multidisciplinary Optimization Engineer
Name of the Vulnerable Software and Affected Versions: Multidisciplinary Optimization Engineer versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x. Description: A stored Cross-site Scripting (XSS) vulnerability affects Results Analytics in Multidisciplinary Optimization Engineer, allowing an...
Disrupting Vision-Language Model-Driven Navigation Services Via Adversarial Object Fusion
We present Adversarial Object Fusion (AdvOF), a novel attack framework targeting vision-and-language navigation (VLN) agents in service-oriented environments by generating adversarial 3D objects. While foundational models like Large Language Models (LLMs) and Vision Language Models (VLMs) have enhanced...
VulBinLLM: LLM-Powered Vulnerability Detection for Stripped Binaries
Recognizing vulnerabilities in stripped binary files presents a significant challenge in software security. Although some progress has been made in generating human-readable information from decompiled binary files with Large Language Models (LLMs), effectively and scalably detecting vulnerabilitie...
AdInject: Real-World Black-Box Attacks on Web Agents Via Advertising Delivery
Vision-Language Model (VLM) based Web Agents represent a significant step towards automating complex tasks by simulating human-like interaction with websites. However, their deployment in uncontrolled web environments introduces significant security vulnerabilities. Existing research on adversarial...
Uncovering Black-Hat SEO Based Fake E-Commerce Scam Groups from Their Redirectors and Websites
While law enforcement agencies and cybercrime researchers are working hard, fake E-commerce scam is still a big threat to Internet users. One of the major techniques to victimize users is luring them by black-hat search-engine-optimization (SEO); making search engines display their lure pages as i...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.10.1 ESR. MFSA 2025-37 (bsc1243303): CVE-2025-4918: Out-of-bounds access when resolving Promise objects. CVE-2025-4919: Out-of-bounds access when optimizing linear sums. Patch Instructions: To...
CPA-RAG: Covert Poisoning Attacks on Retrieval-Augmented Generation in Large Language Models
Retrieval-Augmented Generation (RAG) enhances large language models (LLMs) by incorporating external knowledge, but its openness introduces vulnerabilities that can be exploited by poisoning attacks. Existing poisoning methods for RAG systems have limitations, such as poor generalization and lack of...
Fedora: Security Advisory (FEDORA-2025-d191ee2f9a)
The remote host is missing an update for the...
Semantic-Preserving Adversarial Attacks on LLMs: an Adaptive Greedy Binary Search Approach
Large Language Models (LLMs) increasingly rely on automatic prompt engineering in graphical user interfaces (GUIs) to refine user inputs and enhance response accuracy. However, the diversity of user requirements often leads to unintended misinterpretations, where automated optimizations distort...
CVE-2024-8800
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and...
CVE-2024-3855
In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox 125...
CVE-2024-1334
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...
CVE-2024-0983
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...