Lucene search

12 matches found

GithubExploit
added 2026/01/25 2:3 a.m. | 212 views

Exploit for Improper Input Validation in Intel Ethernet_Diagnostics_Driver_Iqvw32.Sys

iqvw64e-privilege-escalation CVE-2015-2291 Local Privilege Esc...

8.8 CVSS | 6.2 AI score | 0.71412 EPSS
Exploits: 23
Packet Storm News
added 2025/05/20 12:0 a.m. | 2 views

Training-Free Watermarking for Autoregressive Image Generation

Invisible image watermarking can protect image ownership and prevent malicious misuse of visual generative models. However, existing generative watermarking methods are mainly designed for diffusion models while watermarking for autoregressive image generation models remains largely underexplored...

6.8 AI score
Exploits: 0
Vulnrichment
added 2025/04/30 12:24 a.m. | 4 views

CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

6.5 CVSS | 6.6 AI score | 0.00574 EPSS
Exploits: 1 | References: 2
Github Security Blog
added 2025/04/29 4:43 p.m. | 14 views

phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

Summary: A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the...

7.5 CVSS | 6.9 AI score | 0.00574 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2025/03/12 10:6 p.m. | 8 views

GHSA-HG9J-64WP-M9PX Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Summary: A session hijacking vulnerability exists when an attacker-controlled authoritative subdomain under a parent domain (e.g., subdomain.host.com) sets cookies scoped to the parent domain (.host.com). This allows session token replacement for applications hosted on sibling subdomains e.g.,...

6.8 CVSS | 6.6 AI score | 0.00377 EPSS
Exploits: 0 | References: 5
CVE
added 2025/03/12 2:0 p.m. | 51 views

CVE-2025-27794

Summary: CVE-2025-27794 affects Flarum versions prior to 1.8.10, where an attacker-controlled authoritative subdomain can set cookies for the parent domain, potentially enabling session hijacking on sibling subdomains. What is affected: Flarum core (pre-1.8.10) with cookies scoped to a parent dom...

6.8 CVSS | 6.6 AI score | 0.00377 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Fedora
added 2024/03/07 10:33 p.m. | 15 views

[SECURITY] Fedora 40 Update: replacer-1.6-30.fc40

Maven plugin to replace tokens in a given file with a value. This plugin is also used to automatically generate PackageVersion.java in the FasterXML.com project...

8.8 CVSS | 6.8 AI score | 0.46427 EPSS
Exploits: 3
Rapid7 Blog
added 2023/08/01 6:4 p.m. | 137 views

InsightAppSec Advanced Authentication Settings: Token Replacement

There are many different ways to use InsightAppSec to authenticate to web apps, but sometimes you need to go deeper into the advanced settings to fully automate your logins, especially with API scanning. Today, we’ll cover one of those advanced settings: Token Replacement. InsightAppSec Token...

7 AI score
Exploits: 0
Kitploit
added 2023/03/18 11:30 a.m. | 28 views

Ator - Authentication Token Obtain and Replace Extender

The plugin is created to help automated scanning using Burp in the following scenarios: (1) Access/Refresh token; (2) Token replacement in XML, JSON body; (3) Token replacement in cookies. The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become...

7.8 AI score
Exploits: 0 | References: 4
Drupal
added 2018/08/15 12:0 a.m. | 13 views

File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056

This module enables you to automatically sort and rename your uploaded files using token based replacement patterns to maintain a nice clean filesystem. The module doesn't sufficiently sanitize the path while a new file is uploading, allowing a remote attacker to execute arbitrary PHP code. This...

7.3 AI score
Exploits: 0 | References: 7
OpenVAS
added 2018/04/30 12:0 a.m. | 39 views

Microsoft Windows 10: Replace a process level token

This policy setting determines which parent processes can replace the access token that is associated with a child process. Specifically, the Replace a process level token setting determines which user accounts can call the CreateProcessAsUser application programming interface (API) so that one...

7.2 AI score
Exploits: 0
myhack58
added 2016/11/09 12:0 a.m. | 18 views

Classic kernel vulnerabilities debugging notes-vulnerability warning-the black bar safety net

Foreword The kernel vulnerability for me has always been a bridge, remember two years ago, just contact binary vulnerability when, at the time today's protagonist has just appeared, when debugging this vulnerability when the whole heart is crashing, and recently I relive a bit of the vulnerabilit...

7.6 AI score
Exploits: 0