
18 matches found

Packet Storm News
added 3 days ago, 1 view

AgentRedBench: Dynamic Redteaming and Integration-Aware Defense for LLM Agents over SaaS Integrations

Indirect prompt injection in tool-use agents is a concrete production threat: LLM agents read from integrations (third-party services such as Gmail, Salesforce, or Jira accessed through tool calls) whose response content the user neither writes nor controls. Existing benchmarks under-measure the...

5.8 AI score
Exploits: 0

Snyk
added 2026/05/08 7:0 p.m., 5 views

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the sanitizeResponseContent process. An attacker can execute arbitrary JavaScript in the browser of another user by crafting a malicious model description containing a markdown lin...

8.5 CVSS, 7.2 AI score, 0.00036 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/03/25 12:0 a.m., 0 views

PT-2026-28141

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0.3. Description: OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0.3, the title POST parameter is reflected in a JSON response created using json_encode. Du...

5.4 CVSS, 6.1 AI score, 0.00022 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-5830

Malicious code in bioql PyPI...

6.1 CVSS, 6.2 AI score, 0.00241 EPSS
Exploits: 0, References: 4

Snyk
added 2025/03/21 10:29 p.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...

6.1 CVSS, 5.5 AI score
Exploits: 0, References: 2

RedHat Linux
added 2024/11/18 1:31 a.m., 18 views

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

7.5 CVSS, 7.1 AI score, 0.00922 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2024/11/14 3:36 p.m., 20 views

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS, 7.1 AI score, 0.00922 EPSS
Exploits: 0, References: 2

The Hacker News
added 2024/08/07 10:28 a.m., 19 views

CrowdStrike Reveals Root Cause of Global System Outages

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review (PIR), has been traced bac...

7.4 AI score
Exploits: 0

The Hacker News
added 2024/07/24 8:32 a.m., 44 views

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration...

7.3 AI score
Exploits: 0

Amazon
added 2023/07/19 12:0 a.m., 2 views

Low: perl-HTTP-Daemon

Issue Overview: HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based...

7.3 CVSS, 6.5 AI score, 0.00531 EPSS
Exploits: 1

F5 Networks
added 2023/02/21 6:26 p.m., 24 views

K05391775: The BIG-IP ASM system may not properly perform attack signature checks

Security Advisory Description: The BIG-IP ASM system may not properly perform attack signature checks on request and response content. This issue occurs when all of the following conditions are met: Your system is running BIG-IP 13.1.x. BIG-IP systems running 14.1.x and later are not affected. A...

6.6 AI score
Exploits: 0, Affected Software: 1

Friends Of PHP
added 2021/05/12 8:0 a.m., 15 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3 CVSS, 5.7 AI score, 0.00337 EPSS
Exploits: 1, Affected Software: 1

Friends Of PHP
added 2021/05/12 8:0 a.m., 33 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5 CVSS, 5.6 AI score, 0.00337 EPSS
Exploits: 1, Affected Software: 1

Friends Of PHP
added 2021/05/12 8:0 a.m., 30 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3 CVSS, 5.7 AI score, 0.00337 EPSS
Exploits: 1, Affected Software: 1

Packet Storm
added 2021/01/15 12:0 a.m., 271 views

Netsia SEBA+ 0.16.1 Authentication Bypass / Add Root User

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsia SEBA+ %q This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user. HTTP requests made to the...

0.9 AI score
Exploits: 0

Friends Of PHP
added 2020/03/30 2:0 p.m., 14 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

More info at https://symfony.com/cve-2020-5255...

4.3 CVSS, 7.2 AI score, 0.00374 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2018/09/05 9:29 p.m., 1 view

CVE-2018-16307

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name containing a random string is used...

7.5 CVSS, 5.9 AI score, 0.00285 EPSS
Exploits: 3, References: 1

n0where
added 2017/06/03 3:30 a.m., 53 views

Python Multi Threaded Tor Proxy: pyMultitor

Python Multi Threaded Tor Proxy Installation Prerequisites Python 2.7+. A C compiler, Python headers, etc. are needed to compile several dependencies. On Ubuntu, sudo apt-get install -y build-essential libssl-dev python-setuptools python-pip python-wheel python-dev On Fedora, sudo dnf install -y...

7.4 AI score
Exploits: 0, References: 2