2640 matches found
EUVD-2023-2492
Malicious code in bioql PyPI...
EUVD-2024-1005
Malicious code in bioql PyPI...
EUVD-2022-7040
Malicious code in bioql PyPI...
EUVD-2025-20483
Malicious code in bioql PyPI...
EUVD-2023-0422
Malicious code in bioql PyPI...
EUVD-2023-41346
Malicious code in bioql PyPI...
EUVD-2022-6666
Malicious code in bioql PyPI...
EUVD-2022-39942
Malicious code in bioql PyPI...
EUVD-2022-29571
Malicious code in bioql PyPI...
EUVD-2021-29992
Malicious code in bioql PyPI...
External Data Extraction Attacks against Retrieval-Augmented Large Language Models
In recent years, RAG has emerged as a key paradigm for enhancing large language models (LLMs). By integrating externally retrieved information, RAG alleviates issues like outdated knowledge and, crucially, insufficient domain expertise. While effective, RAG introduces new risks of external data...
CVE-2025-54811
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
SpecialFolderDatablock - Windows LNK File Special UNC Path NTLM Leak
This module creates a malicious Windows shortcut (LNK) file that specifies a special UNC path in the SpecialFolderDatablock of a Shell Link (.LNK) that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browses to the location...
CVE-2025-9944 Professional Contact Form <= 1.0.0 - Cross-Site Request Forgery to Test Email Sending
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watchforcontactformsubmit function. This makes it possible for unauthenticated attackers to trigg...
CVE-2025-9894
CVE-2025-9894 affects the Sync Feedly WordPress plugin (versions
CVE-2025-10778 Smartstore Gift Voucher confirm race condition
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
Exploit for Improper Input Validation in Drupal
CVE-2018-7600 - Drupal 7 Remote Code Execution...
Temporal Logic-Based Multi-Vehicle Backdoor Attacks against Offline RL Agents in End-To-End Autonomous Driving
Assessing the safety of autonomous driving (AD) systems against security threats, particularly backdoor attacks, is a stepping stone for real-world deployment. However, existing works mainly focus on pixel-level triggers that are impractical to deploy in the real world. We address this gap by...
tracing/trigger: Fix to return error if failed to alloc snapshot
...
CVE-2025-10456 Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels such as SMP or ATT. Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth...