
41 matches found

Packet Storm News
added 2025/12/09 12:0 a.m. | 3 views

LLM-Based Vulnerable Code Augmentation: Generate or Refactor?

Vulnerability code-bases often suffer from severe imbalance, limiting the effectiveness of Deep Learning-based vulnerability classifiers. Data Augmentation could help solve this by mitigating the scarcity of under-represented CWEs. In this context, we investigate LLM-based augmentation for...

AI score: 6.7
Exploits: 0

Cvelist
added 2025/04/04 3:58 p.m. | 12 views

CVE-2025-32151 WordPress BuddyForms Plugin <= 2.9.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through <= 2.9.0...

CVSS: 7.5 | EPSS: 0.01855
Exploits: 0 | References: 1

CNNVD
added 2023/12/29 12:0 a.m. | 1 views

Sven gopeak masterlab code issue vulnerability

Sven gopeak masterlab is a Sven open source application. It provides simple and efficient project management tools based on agile development. Sven gopeak masterlab version 3.3.10 and earlier versions have a code issue vulnerability, which stems from app/ctrl/admin/User.php...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00111
Exploits: 0 | References: 5

CNNVD
added 2023/12/29 12:0 a.m. | 2 views

Sven gopeak masterlab SQL Injection Vulnerability

Sven gopeak masterlab is a Sven open source application. It provides simple and efficient project management tools based on agile development. Sven gopeak masterlab version 3.3.10 and earlier versions have a SQL injection vulnerability, which stems from app/ctrl/framework/Feature.php...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00111
Exploits: 0 | References: 4

CNNVD
added 2023/12/29 12:0 a.m. | 1 views

Sven gopeak masterlab code issue vulnerability

Sven gopeak masterlab is a Sven open source application. It provides simple and efficient project management tools based on agile development. Sven gopeak masterlab version 3.3.10 and earlier versions have a code issue vulnerability, which stems from app/ctrl/User.php...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00165
Exploits: 0 | References: 4

CNNVD
added 2023/12/29 12:0 a.m. | 2 views

Sven gopeak masterlab SQL Injection Vulnerability

Sven gopeak masterlab is a Sven open source application. It provides simple and efficient project management tools based on agile development. Sven gopeak masterlab version 3.3.10 and earlier versions have a SQL injection vulnerability, which stems from app/ctrl/Framework.php sqlInject...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00111
Exploits: 0 | References: 4

Openbugbounty
added 2023/11/14 12:59 a.m. | 5 views

sven-heitkamp.de Improper Access Control vulnerability OBB-3780276

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.9
Exploits: 0

Openbugbounty
added 2023/10/27 6:27 p.m. | 6 views

fahrschule-sven-lohmann.de Improper Access Control vulnerability OBB-3766930

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.6
Exploits: 0

PostgreSQL
added 2022/08/11 12:0 a.m. | 47 views

Vulnerability in core server (CVE-2022-2625)

Extension scripts replace objects not belonging to the extension. Some extensions use CREATE OR REPLACE or CREATE IF NOT EXISTS commands. Some don't adhere to the documented rule to target only objects known to be extension members already. An attack requires permission to create non-temporary...

CVSS: 8 | AI score: 7.4 | EPSS: 0.00973
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2021/12/17 12:0 a.m. | 11 views

Thruk Cross-Site Scripting Vulnerability

Thruk is an open source multi-backend monitoring web interface from the personal developer Sven Nierlein of Germany. A cross-site scripting vulnerability exists in Thruk 2.40-2, which stems from the system allowing the storage of XSS. No detailed vulnerability details are currently available...

CVSS: 5.4 | AI score: 2.5 | EPSS: 0.00302
Exploits: 0 | References: 1

CNNVD
added 2021/02/25 12:0 a.m. | 3 views

Sven gopeak masterlab code issue vulnerability

Sven gopeak masterlab is a Sven open source application. It provides simple and efficient project management tools based on agile development. In gopeak masterlab 2.1.5, a code issue vulnerability exists in the Upgrade.php source parameter...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.00316
Exploits: 1 | References: 2

CVE0DAY
added 2019/03/06 1:48 p.m. | 61 views

Visual Studio CVE-2019-0728 Remote Code Execution

Description: Microsoft Visual Studio is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the current-user. Failed exploit attempts will likely result in denial of service conditions.
Mitigations: Microsoft has not...

CVSS: 9.3 | AI score: 4.5 | EPSS: 0.11205
Exploits: 0

Openbugbounty
added 2017/04/22 11:25 p.m. | 6 views

sven-volmering.de XSS vulnerability

Open Bug Bounty ID: OBB-226910
Affected Website: sven-volmering.de
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

AI score: 6.3
Exploits: 0

hackapp
added 2016/04/01 10:18 a.m. | 11 views

SVEN - Base64 encoded String, Corrupted files, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application SVEN published at the 'play' market has multiple vulnerabilities...

AI score: 0.2
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/02/23 12:0 a.m. | 68 views

[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5

CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5
Product Information:
Software: Fork CMS
Tested Version: 3.8.5, released on Wednesday 14 January 2015
Vulnerability Type: SQL Injection CWE-89
Download link to tested version:...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01345
Exploits: 5

Packet Storm
added 2015/02/16 12:0 a.m. | 41 views

Fat Free CRM 0.13.5 Cross Site Request Forgery

CVE-2015-1585 Fat Free CRM - CSRF Vulnerability in Version 0.13.5
Product Information:
Software: Fat Free CRM
Tested Version: 0.13.5, released 22.1.2015 with over 10.000 downloads
Vulnerability Type: Cross-Site Request Forgery, CSRF...

CVSS: 6.8 | AI score: 0.2 | EPSS: 0.00287
Exploits: 3

Packet Storm
added 2015/02/04 12:0 a.m. | 69 views

Fork CMS 3.8.5 SQL Injection

CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5
Product Information:
Software: Fork CMS
Tested Version: 3.8.5, released on Wednesday 14 January 2015
Vulnerability Type: SQL Injection CWE-89
Download link to tested version:...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.01345
Exploits: 5

seebug.org
added 2014/07/01 12:0 a.m. | 49 views

Fortigate Firewalls - CSRF Vulnerability

No description provided by source.
Vulnerability ID: CVE-2013-1414
Vulnerability Type: CSRF Cross-Site Request Forgery
Product: All Fortigate Firewalls
Vendor: Fortinet http://www.fortinet.com
Vulnerable Version: 4.3.13 & 5.0.2
Description: Because many functions are not protected by...

CVSS: 5.1 | AI score: 6.5 | EPSS: 0.00446
Exploits: 6

Tenable Nessus
added 2013/11/29 12:0 a.m. | 31 views

Oracle Linux 5 / 6 : Unbreakable Enterprise Kernel (ELSA-2013-2585)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2585 advisory.
- af_key: fix info leaks in notify messages Mathias Krause Orabug: 17837974 CVE-2013-2234
- drivers/cdrom/cdrom.c: use kzalloc for failing hardware...

CVSS: 6.2 | AI score: 6.9 | EPSS: 0.00515
Exploits: 3 | References: 12

Oracle linux
added 2013/11/28 12:0 a.m. | 73 views

Unbreakable Enterprise Kernel security update

kernel-uek 2.6.32-400.33.3uek
- af_key: fix info leaks in notify messages Mathias Krause Orabug: 17837974 CVE-2013-2234
- drivers/cdrom/cdrom.c: use kzalloc for failing hardware Jonathan Salwan Orabug: 17837971 CVE-2013-2164
- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check Kees Cook...

CVSS: 6.2 | AI score: 0.8 | EPSS: 0.00515
Exploits: 3