290 matches found
WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in IBM Semeru Runtime
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in IBM Semeru Runtime. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
Bridging the Smart City Cybersecurity Data Gap through AI-Driven Synthetic Dataset Generation
Smart cities rely on interconnected cyber-physical systems that integrate sensors, IoT devices, cloud platforms, and AI-driven services and decision-making. While these systems enhance city services, they also introduce complex cybersecurity challenges due to their large attack surfaces,...
Set Shaping Theory As a Complementary Payload-Shaping Layer for Steganography
This paper studies the use of Set Shaping Theory SST as a reversible payload-shaping layer for least significant bit LSB image steganography. The proposal is not intended to replace existing steganographic methods or to compete with them as a new embedding scheme. Instead, SST is positioned as a...
编号撤回
R is a statistical computing software from The R Foundation. fe is a lightweight, embeddable ANSI C scripting language developed by rxi. This CVE number has been withdrawn...
[SECURITY] Fedora 43 Update: pspp-2.1.1-5.fc43
PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the statistical report area when the number of queues changes. This could lead to...
编号撤回
“form” is a form state management program developed by TanStack. “R” is a statistical computing software provided by The R Foundation. This CVE number has been withdrawn...
Empowering Future Cybersecurity Leaders: Advancing Students through FINDS Education for Digital Forensic Excellence
The Forensics Investigations Network in Digital Sciences FINDS Research Center of Excellence CoE, funded by the U.S. Army Research Laboratory, advances Digital Forensic Engineering Education DFEE through an integrated research education framework for AI enabled cybersecurity workforce development...
Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection
We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...
Regular Expression Denial of Service (ReDoS) Detector
This Metasploit auxiliary module implements a scientific approach to detecting and validating ReDoS vulnerabilities in HTTP-based applications. It leverages context-aware payload generation, length progression testing, and statistical analysis to identify inefficient regular expressions that may...
Sparse Autoencoders Are Capable LLM Jailbreak Mitigators
Jailbreak attacks remain a persistent threat to large language model safety. We propose Context-Conditioned Delta Steering CC-Delta, an SAE-based defense that identifies jailbreak-relevant sparse features by comparing token-level representations of the same harmful request with and without...
Burp Suite 2025.12.4 Extension Advanced ReDoS Detector
This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...
EUVD-2026-4139
FastAPI Api Key has a timing side-channel in verifykey that allows statistical key validity detection...
CVE-2025-15168
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used...
CVE-2025-15168
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used...
CVE-2025-15168 itsourcecode Student Management System statistical.php sql injection
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used...
CVE-2025-15168
The CVE-2025-15168 entry concerns itsourcecode Student Management System (SMS) 1.0. Affected is the function handling the ID parameter in /statistical.php, where manipulating ID enables an SQL injection. The issue allows remote exploitation and is corroborated by multiple sources noting a publicl...
itsourcecode Student Management System 安全漏洞
itsourcecode Student Management System is an open source student management system from itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Student Management System, which stems from an incorrect manipulation of the parameter ID in the file /statistical.php, which may le...
A Statistical Side-Channel Risk Model for Timing Variability in Lattice-Based Post-Quantum Cryptography
Timing side-channels are an important threat to cryptography that still needs to be addressed in implementations, and the advent of post-quantum cryptography raises this issue because the lattice-based schemes may produce secret-dependent timing variability with the help of complex arithmetic and...