34557 matches found
GHSA-X93P-W2CH-FG67 Ibexa User Bundle is missing password change validation
Impact The vulnerability is in the password change dialog in the back office. During the transition from v4 to v5 a mistake was made in the validation code which caused the validation of the previous password to not run as expected. This made it possible for a logged in user to change password in...
Privacy Practices of Browser Agents
This paper presents a systematic evaluation of the privacy behaviors and attributes of eight recent, popular browser agents. Browser agents are software that automate Web browsing using large language models and ancillary tooling. However, the automated capabilities that make browser agents...
Exploit for Deserialization of Untrusted Data in Facebook React
‼️ CVE-2025-55182 Pwn React2Shell RCE Exploit with Interactive...
security-research
Security Research This project hosts security advisories and...
An Empirical Study on the Security Vulnerabilities of GPTs
Equipped with various tools and knowledge, GPTs, one kind of customized AI agents based on OpenAI's large language models, have illustrated great potential in many fields, such as writing, research, and programming. Today, the number of GPTs has reached three millions, with the range of specific...
Effective Command-Line Interface Fuzzing with Path-Aware Large Language Model Orchestration
Command-line interface CLI fuzzing tests programs by mutating both command-line options and input file contents, thus enabling discovery of vulnerabilities that only manifest under specific option-input combinations. Prior works of CLI fuzzing face the challenges of generating semantics-rich opti...
security-research-reports
security-research-reports...
EUVD-2025-117123
Malicious code in responsible-bronze-sole npm...
Malicious code in responsible-bronze-sole (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 478321554144be69d7f8d6708d8b4a9e4a22186aeb47f821a209a9b0a9a7d4b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117122
Malicious code in responsible-harlequin-beaver npm...
Malicious code in responsible-harlequin-beaver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b00748c3d2042e9b9898bd60ffeca3a9aac108a888ce82ab243cb07f27cdeed9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-102663
Malicious code in responsibleferretz3n npm...
EUVD-2025-95444
Malicious code in responsiblecricketz3n npm...
EUVD-2025-78423
Malicious code in responsiblecicadaz3n npm...
MAL-2025-107973 Malicious code in responsible_cicada_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12c86d2bb6e99db57b63ea471d3477efb7f0e690daaec22fcd3d6c516f160fa6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-78425
Malicious code in responsibleaardwolfz3n npm...
EUVD-2025-80717
Malicious code in responsiblehawk0xrequest npm...
EUVD-2025-68285
Malicious code in responsibleamphibianz3n npm...
EUVD-2025-73953
Malicious code in responsibletapirz3n npm...
EUVD-2025-73957
Malicious code in responsiblechinchillaz3n npm...