Lucene search
+L

456 matches found

The Hacker News
The Hacker News
added 2025/04/11 1:9 p.m.21 views

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities...

7.3AI score
Exploits0
Huntr
Huntr
added 2025/03/07 1:35 p.m.6 views

MD5 Hash Collision Causes Overwriting of Papers with the Same Title, Leading to Data Loss

Description The ArxivReader class in LlamaIndex is responsible for searching for papers on ArXiv, downloading them, and processing them for AI model training. The workflow of ArxivReader is as follows: 1. The user searches for a specific topic on ArXiv, retrieving a list of relevant papers. impor...

5.3CVSS6.6AI score0.00281EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2025/02/28 12:0 a.m.6 views

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of PDF document viewing and editing software PDF-XChange Editor lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created XPS file...

3.3CVSS6.6AI score0.0067EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 10:59 p.m.9 views

CVE-2022-1073

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely...

9.8CVSS6.8AI score0.00775EPSS
Exploits0References1
NVD
NVD
added 2025/01/09 11:15 a.m.29 views

CVE-2024-12621

The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/09 11:10 a.m.5 views

CVE-2024-12621 Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00338EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/09 11:10 a.m.16 views

CVE-2024-12621 Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00338EPSS
Exploits0References4
CVE
CVE
added 2025/01/09 11:10 a.m.53 views

CVE-2024-12621

CVE-2024-12621 – Yumpu E-Paper publishing (WordPress) is a Stored XSS vulnerability in the Yumpu shortcode that affects all versions up to and including 3.0.8. Exploitation requires authenticated access at contributor level or higher, allowing injection of scripts that run when users view the pag...

6.4CVSS5.7AI score0.00338EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.6 views

PT-2025-1918 · WordPress · Yumpu E-Paper

Name of the Vulnerable Software and Affected Versions: Yumpu E-Paper publishing plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode due to insufficient input sanitization and output escaping ...

6.4CVSS6.2AI score0.00338EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.13 views

WordPress plugin Yumpu E-Paper publishing 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS7.5AI score0.00338EPSS
Exploits0References3
OSV
OSV
added 2025/01/02 2:15 p.m.4 views

CVE-2024-13110

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The...

7.5CVSS4.9AI score0.00605EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.5 views

PT-2025-2008 · Beijing Yunfan Internet Technology · Yunfan Learning Examination System

Name of the Vulnerable Software and Affected Versions: Beijing Yunfan Internet Technology Yunfan Learning Examination System version 1.9.2 Description: A problematic issue has been found in the Beijing Yunfan Internet Technology Yunfan Learning Examination System. It affects an unknown function o...

5.3CVSS4.8AI score0.00605EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.8 views

Yunfan Learning Examination System 访问控制错误漏洞

Yunfan Learning Examination System is an examination application from China Yunfan Yunfan Company. An access control error vulnerability exists in Yunfan Learning Examination System version 1.9.2, which originates from an unknown function in file...

7.5CVSS4.7AI score0.00605EPSS
Exploits1References5
Wired Threat Level
Wired Threat Level
added 2024/12/27 11:30 a.m.19 views

The Paper Passport Is Dying

Smartphones and face recognition are being combined to create new digital travel documents. The paper passport’s days are numbered—despite new privacy risks...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.8 views

PT-2024-39754 · Papercut · Papercut Ng/Mf

Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified Description: A reflected cross-site scripting XSS issue exists, allowing specially crafted JavaScript payloads to be executed in the browser. This occurs when a user clicks on a malicious link...

6.3CVSS5.9AI score0.00225EPSS
Exploits0References7
Schneier on Security
Schneier on Security
added 2024/11/25 12:9 p.m.13 views

Security Analysis of the MERGE Voting Protocol

Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.5 views

PDF-XChange Editor 缓冲区错误漏洞

PDF-XChange Editor is a PDF editor software and PDF reader. PDF-XChange Editor XPS file parsing has an out-of-bounds read remote code execution vulnerability that can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS8.2AI score0.00283EPSS
Exploits0References1
HackRead
HackRead
added 2024/11/20 12:43 p.m.12 views

How Bitcoin’s digital signature feature facilitates Web3 adoption

Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer…...

7.3AI score
Exploits0
OSV
OSV
added 2024/11/12 7:52 p.m.91 views

GHSA-CXWF-QC32-375F Decidim-Awesome has SQL injection in AdminAccountability

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Vendor: Decidim International Community Environment Has vendor confirmed: Yes Attack type: Remote Impact: Code Execution Escalation of Privileges Information Disclosure Affected component:...

9.3CVSS9.3AI score0.0066EPSS
Exploits0References6
Snyk
Snyk
added 2024/11/12 7:52 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through the adminroleactions method of the papertrailversion.rb file. An attacker can manipulate SQL queries to disclose sensitive information, read and write files, or execute commands. Remediation Upgrade...

9.3CVSS7.8AI score0.0066EPSS
Exploits0References2
Rows per page
Query Builder