456 matches found
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities...
MD5 Hash Collision Causes Overwriting of Papers with the Same Title, Leading to Data Loss
Description The ArxivReader class in LlamaIndex is responsible for searching for papers on ArXiv, downloading them, and processing them for AI model training. The workflow of ArxivReader is as follows: 1. The user searches for a specific topic on ArXiv, retrieving a list of relevant papers. impor...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF document viewing and editing software PDF-XChange Editor lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created XPS file...
CVE-2022-1073
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely...
CVE-2024-12621
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12621 Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12621 Yumpu E-Paper publishing <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12621
CVE-2024-12621 – Yumpu E-Paper publishing (WordPress) is a Stored XSS vulnerability in the Yumpu shortcode that affects all versions up to and including 3.0.8. Exploitation requires authenticated access at contributor level or higher, allowing injection of scripts that run when users view the pag...
PT-2025-1918 · WordPress · Yumpu E-Paper
Name of the Vulnerable Software and Affected Versions: Yumpu E-Paper publishing plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode due to insufficient input sanitization and output escaping ...
WordPress plugin Yumpu E-Paper publishing 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
CVE-2024-13110
A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The...
PT-2025-2008 · Beijing Yunfan Internet Technology · Yunfan Learning Examination System
Name of the Vulnerable Software and Affected Versions: Beijing Yunfan Internet Technology Yunfan Learning Examination System version 1.9.2 Description: A problematic issue has been found in the Beijing Yunfan Internet Technology Yunfan Learning Examination System. It affects an unknown function o...
Yunfan Learning Examination System 访问控制错误漏洞
Yunfan Learning Examination System is an examination application from China Yunfan Yunfan Company. An access control error vulnerability exists in Yunfan Learning Examination System version 1.9.2, which originates from an unknown function in file...
The Paper Passport Is Dying
Smartphones and face recognition are being combined to create new digital travel documents. The paper passport’s days are numbered—despite new privacy risks...
PT-2024-39754 · Papercut · Papercut Ng/Mf
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified Description: A reflected cross-site scripting XSS issue exists, allowing specially crafted JavaScript payloads to be executed in the browser. This occurs when a user clicks on a malicious link...
Security Analysis of the MERGE Voting Protocol
Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper...
PDF-XChange Editor 缓冲区错误漏洞
PDF-XChange Editor is a PDF editor software and PDF reader. PDF-XChange Editor XPS file parsing has an out-of-bounds read remote code execution vulnerability that can be exploited by an attacker to execute code in the context of the current process...
How Bitcoin’s digital signature feature facilitates Web3 adoption
Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer…...
GHSA-CXWF-QC32-375F Decidim-Awesome has SQL injection in AdminAccountability
Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Vendor: Decidim International Community Environment Has vendor confirmed: Yes Attack type: Remote Impact: Code Execution Escalation of Privileges Information Disclosure Affected component:...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the adminroleactions method of the papertrailversion.rb file. An attacker can manipulate SQL queries to disclose sensitive information, read and write files, or execute commands. Remediation Upgrade...