
973 matches found

RedhatCVE
added 2025/08/09 12:23 a.m. | 3 views

CVE-2025-55133

In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js...

6.4 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/08/07 12:0 a.m. | 2 views

agora cross-site scripting vulnerability

agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A cross-site scripting vulnerability exists in versions prior to agora fall23-Alpha1 b087490, which stems from the topicName parameter in editorManager.js being susceptible to cross-site scripting attacks...

6.4 CVSS | 6 AI score | 0.00218 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2025/08/05 7:31 p.m. | 121 views

Exploit for CVE-2025-8550

CVE-2025-8550 – atjiu pybbs XSS Exploit Description This...

4.8 CVSS | 4.4 AI score | 0.00576 EPSS
Exploits: 3

CNNVD
added 2025/08/05 12:0 a.m. | 2 views

pybbs code injection vulnerability

pybbs is a community platform for Java development by iuiu individual developers. A code injection vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from improper handling of the parameter Username in the file /admin/topic/list, which could lead to a cross-site scripting attac...

5.4 CVSS | 4 AI score | 0.00576 EPSS
Exploits: 3 | References: 8

RedhatCVE
added 2025/07/17 12:50 a.m. | 8 views

CVE-2025-50819

Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 commit fad168770b0e68aef3e5acfa16bb2e7a7765d687 when parsing the topic.yml file in the generation logic in dailyarxiv.py...

7.1 CVSS | 7.2 AI score | 0.00284 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/07/15 12:0 a.m. | 1 views

arxiv-daily path traversal vulnerability

arxiv-daily is an automated paper updater for OMAR Individual Developers. A security vulnerability exists in arxiv-daily version 2025-05-06, which stems from a directory traversal vulnerability when parsing the topic.yml file...

7.1 CVSS | 6.8 AI score | 0.00284 EPSS
Exploits: 0 | References: 4

Packet Storm News
added 2025/07/11 12:0 a.m. | 2 views

When and Where Do Data Poisons Attack Textual Inversion?

Poisoning attacks pose significant challenges to the robustness of diffusion models (DMs). In this paper, we systematically analyze when and where poisoning attacks textual inversion (TI), a widely used personalization technique for DMs. We first introduce Semantic Sensitivity Maps, a novel method fo...

6.9 AI score
Exploits: 0

GithubExploit
added 2025/07/10 9:34 a.m. | 77 views

Exploit for SQL Injection in Phpgurukul Student_Result_Management_System

PoCVulDb PoC of CVEs 4m3rr0r CVE-2025-7534 https://github.c...

9.8 CVSS | 7.1 AI score | 0.00454 EPSS
Exploits: 5

RedhatCVE
added 2025/06/13 8:13 a.m. | 7 views

CVE-2025-29756

SunGrow's back end users system iSolarCloud (https://isolarcloud.com) uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While t...

8.3 CVSS | 6.5 AI score | 0.00207 EPSS
Exploits: 0 | References: 1

NVD
added 2025/06/11 8:15 a.m. | 7 views

CVE-2025-29756

SunGrow's back end users system iSolarCloud (https://isolarcloud.com) uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...

8.3 CVSS | 0.00207 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/06/11 8:1 a.m. | 21 views

CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters

SunGrow's back end users system iSolarCloud (https://isolarcloud.com) uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...

8.3 CVSS | 0.00207 EPSS
Exploits: 0 | References: 3

CVE
added 2025/06/09 12:33 p.m. | 59 views

CVE-2025-48062

Technical details about CVE-2025-48062 are not publicly disclosed in the provided documents. Monitor for updates from official sources.

7.1 CVSS | 7 AI score | 0.00199 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/06/09 12:33 p.m. | 3 views

CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS | 6.8 AI score | 0.00199 EPSS
Exploits: 0 | References: 3

VulnCheck KEV
added 2025/06/07 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-24827

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue...

9.8 CVSS | 5.9 AI score | 0.12938 EPSS
Exploits: 3 | References: 1

Packet Storm News
added 2025/05/27 12:0 a.m. | 3 views

The Feasibility of Topic-Based Watermarking on Academic Peer Reviews

Large language models (LLMs) are increasingly integrated into academic workflows, with many conferences and journals permitting their use for tasks such as language refinement and literature summarization. However, their use in peer review remains prohibited due to concerns around confidentiality...

6.9 AI score
Exploits: 0

RedhatCVE
added 2025/05/23 2:12 p.m. | 11 views

CVE-2025-27804

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions...

6.5 CVSS | 8 AI score | 0.00962 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:59 a.m. | 12 views

CVE-2024-33122

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...

6.3 CVSS | 8.3 AI score | 0.00339 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:8 a.m. | 14 views

CVE-2024-50695

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks...

9.8 CVSS | 7.3 AI score | 0.00549 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:31 a.m. | 5 views

CVE-2023-5223

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the publi...

9.9 CVSS | 7 AI score | 0.00891 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 4:8 a.m. | 6 views

CVE-2023-38685

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the stab...

4.3 CVSS | 6.3 AI score | 0.0039 EPSS
Exploits: 0