Lucene search
K

335 matches found

OSV
OSV
added 2025/09/26 9:27 a.m.2 views

MAL-2025-47651 Malicious code in customer-preference (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/06 7:31 p.m.4 views

CVE-2025-32321

In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.9AI score0.00082EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 7:15 p.m.5 views

CVE-2025-32345

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...

7.8CVSS0.00085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/04 6:33 p.m.3 views

CVE-2025-32345

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...

6.3AI score0.00085EPSS
Exploits0References2
OSV
OSV
added 2025/09/04 6:15 p.m.5 views

CVE-2025-26435

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...

7.8CVSS5.9AI score0.00079EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-7563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a...

6.1CVSS7.1AI score0.01111EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.5 views

Prompt Injection Vulnerability of Consensus Generating Applications in Digital Democracy

Large Language Models LLMs are gaining traction as a method to generate consensus statements and aggregate preferences in digital democracy experiments. Yet, LLMs may introduce critical vulnerabilities in these systems. Here, we explore the impact of prompt-injection attacks targeting consensus...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.3 views

Attack the Messages, Not the Agents: a Multi-Round Adaptive Stealthy Tampering Framework for LLM-MAS

Large language model-based multi-agent systems LLM-MAS effectively accomplish complex and dynamic tasks through inter-agent communication, but this reliance introduces substantial safety vulnerabilities. Existing attack methods targeting LLM-MAS either compromise agent internals or rely on direct...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/25 12:0 a.m.4 views

Rational Miner Behaviour, Protocol Stability, and Time Preference: an Austrian and Game-Theoretic Analysis of Bitcoin'S Incentive Environment

This paper integrates Austrian capital theory with repeated game theory to examine strategic miner behaviour under different institutional conditions in blockchain systems. It shows that when protocol rules are mutable, effective time preference rises, undermining rational long-term planning and...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/22 12:0 a.m.4 views

Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection

Smart contract vulnerability detection remains a major challenge in blockchain security. Existing vulnerability detection methods face two main issues: 1 Existing datasets lack comprehensive coverage and high-quality explanations for preference learning. 2 Large language models LLMs often struggl...

7.3AI score
Exploits0
OSV
OSV
added 2025/06/13 2:8 p.m.6 views

GHSA-JWR7-992G-68MH starcitizentools/citizen-skin allows stored XSS in preference menu heading messages

Summary Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The innerHtml of the label div is set to the textContent of the label, essentially unsanitizing the system messages:...

6.5CVSS7AI score0.0035EPSS
Exploits1References5
Snyk
Snyk
added 2025/06/13 2:8 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the addPortlet.polyfill.js process. An attacker can execute arbitrary HTML or JavaScript code in the context of a user's browser by editing preference menu heading messages that are rendered without proper...

8.5CVSS5.6AI score0.0035EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/06/13 2:8 p.m.13 views

starcitizentools/citizen-skin allows stored XSS in preference menu heading messages

Summary Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The innerHtml of the label div is set to the textContent of the label, essentially unsanitizing the system messages:...

6.5CVSS6.4AI score0.0035EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.3 views

CVE-2023-21016

In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed fo...

5.5CVSS6AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:4 a.m.4 views

CVE-2023-29733

The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a seve...

7.8CVSS7.2AI score0.00341EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:2 p.m.6 views

CVE-2021-30972

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences...

5.5CVSS5.8AI score0.00316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 a.m.10 views

CVE-2011-1652

The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement RA, and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct...

5CVSS6.7AI score0.12329EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/05/16 12:0 a.m.3 views

MPMA: Preference Manipulation Attack against Model Context Protocol

Model Context Protocol MCP standardizes interface mapping for large language models LLMs to access external data and tools, which revolutionizes the paradigm of tool selection and facilitates the rapid expansion of the LLM agent tool ecosystem. However, as the MCP is increasingly adopted,...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/13 12:0 a.m.1 views

Improved Algorithms for Differentially Private Language Model Alignment

Language model alignment is crucial for ensuring that large language models LLMs align with human preferences, yet it often involves sensitive user data, raising significant privacy concerns. While prior work has integrated differential privacy DP with alignment techniques, their performance...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/23 12:0 a.m.4 views

Private Federated Learning Using Preference-Optimized Synthetic Data

In practical settings, differentially private Federated learning DP-FL is the dominant method for training models from private, on-device client data. Recent work has suggested that DP-FL may be enhanced or outperformed by methods that use DP synthetic data Wu et al., 2024; Hou et al., 2024. The...

6.8AI score
Exploits0
Rows per page
Query Builder