157 matches found
CVE-2025-41017
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...
CVE-2025-41017
Davantis DDFUSION v6.177.7 contains an inadequate access control vulnerability that could allow unauthenticated actors to retrieve camera perspective parameters. The issue arises from insufficient access restrictions on the endpoint /cameras//perspective, potentially exposing security camera conf...
CVE-2025-41017 Multiple vulnerabilities in DFUSION by Davantis
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...
CVE-2025-41017 Multiple vulnerabilities in DFUSION by Davantis
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...
PT-2025-47904
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...
EUVD-2017-11962
Malware in sbrugna...
EUVD-2017-11949
Malware in sbrugna...
EUVD-2023-42871
Malicious code in bioql PyPI...
Why XSS still matters: MSRC’s perspective on a 25-year-old threat
Cross-Site Scripting XSS has been a known vulnerability class for two decades, yet it continues to surface in modern applications, including those built with the latest frameworks and cloud-native architectures. At Microsoft, we still receive a steady stream of XSS reports across our services, fr...
NeuroBreak: Unveil Internal Jailbreak Mechanisms in Large Language Models
In deployment and application, large language models LLMs typically undergo safety alignment to prevent illegal and unethical outputs. However, the continuous advancement of jailbreak attack techniques, designed to bypass safety mechanisms with adversarial prompts, has placed increasing pressure ...
CVE-2025-45765
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...
AdvGrasp: Adversarial Attacks on Robotic Grasping from a Physical Perspective
Adversarial attacks on robotic grasping provide valuable insights into evaluating and improving the robustness of these systems. Unlike studies that focus solely on neural network predictions while overlooking the physical principles of grasping, this paper introduces AdvGrasp, a framework for...
DATABench: Evaluating Dataset Auditing in Deep Learning from an Adversarial Perspective
The widespread application of Deep Learning across diverse domains hinges critically on the quality and composition of training datasets. However, the common lack of disclosure regarding their usage raises significant privacy and copyright concerns. Dataset auditing techniques, which aim to...
Living Long Doing Pentests
Whitepaper called Living Long Doing Pentests. It discusses basic LLDP protocol fuzzing and usage from a pentester's point of view...
The Akamai Innovation Tour: A Journey in Perspective and Partnership
“What does innovation mean to you?” Read how one marketer answered that question after attending the 2025 Akamai Innovation Tour...
Bayesian Perspective on Memorization and Reconstruction
We introduce a new Bayesian perspective on the concept of data reconstruction, and leverage this viewpoint to propose a new security definition that, in certain settings, provably prevents reconstruction attacks. We use our paradigm to shed new light on one of the most notorious attacks in the...
CVE-2024-42531
Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establi...
CVE-2023-28850
Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other...
Advanced XSS Exploitation - Capturing User Local Storage Data
In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to capture data from the client's local storage and send it to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilia...
The vulnerability of the VMware Aria Operations for Logs network log analysis tool arises due to the lack of security measures taken to protect the website structure. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the VMware Aria Operations for Logs network log analysis tool is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor, operating remotely, to perform certain operations from the perspective of a user administrating the syst...