MC-271325-PoC

Status trailing-byte log amplification MC-271325 Unauthenti...

EUVD-2026-27233

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

zero-click-exploit-analysis

Zero-Click, Old Tricks Anatomy of the 2025 WhatsApp–ImageIO z...

How Digital Annotations Are Replacing Paper Markups in Business

Digital Annotations replace paper markups in business, enabling real time collaboration, version control, and secure document workflows across teams...

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

My position on the urgency of rolling out quantum-resistant cryptography has changed compared to just a few months ago. You might have heard this privately from me in the past weeks, but it’s time to signal and justify this change of mind publicly. There had been rumors for a while of expected an...

ESC/POS Printer Command Injector

This module exploits an unauthenticated ESC/POS command vulnerability in networked Epson-compatible printers. You can print a custom message, trigger the attached cash drawer, or cut the paper. Module Options msf use auxiliary/admin/printer/escpostcpcommandinjector msf...

Study Finds ROME AI Agent Attempted Cryptomining Without Instructions

A recent research paper describing the training of an experimental AI agent has started a discussion after the…...

Exploit for CVE-2010-2568

Zero Click Exploits Android, OSX, Linux, Windows, iOS, IoT, S...

CVE-2026-24903 OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

OrcaStatLLM Researcher 跨站脚本漏洞

OrcaStatLLM Researcher is an open-source research paper generator based on large models, developed by AlgoNet Lab. OrcaStatLLM Researcher has a cross-site scripting vulnerability. This vulnerability arises from improper handling of malicious research topic inputs in the log messages of the sessio...

CVE-2025-14235

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....

PT-2026-3192

Name of the Vulnerable Software and Affected Versions Canon Satera LBP670C Series/Satera MF750C Series firmware versions v06.02 and earlier Canon Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238...

Exposing Vulnerabilities in Counterfeit Prevention Systems Utilizing Physically Unclonable Surface Features

Counterfeit products pose significant risks to public health and safety through infiltrating untrusted supply chains. Among numerous anti-counterfeiting techniques, leveraging inherent, unclonable microscopic irregularities of paper surfaces is an accurate and cost-effective solution. Prior work ...

CVE-2025-14203 code-projects Question Paper Generator selectquestionuser.php sql injection

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...

CVE-2025-14203 code-projects Question Paper Generator selectquestionuser.php sql injection

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...

CVE-2025-14203

CVE-2025-14203 affects Code-Projects Question Paper Generator up to version 1.0, with the vulnerability residing in the file /selectquestionuser.php. The root cause is improper handling/manipulation of the subid parameter, enabling SQL injection. This flaw allows remote exploitation, and an explo...

PT-2025-49417

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...

Code-Projects Question Paper Generator SQL注入漏洞

Code-Projects Question Paper Generator is a Code-Projects open source question paper generation software. Code-Projects Question Paper Generator 1.0 and earlier versions have a SQL injection vulnerability that stems from improper handling of the parameter subid in the file /selectquestionuser.php...

Your Data Might Determine How Much You Pay for Eggs

A newly enacted New York law requires retailers to say whether your data influences the price of basic goods like a dozen eggs or toilet paper, but not how...

CVE-2025-13583

A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploi...