461 matches found
CVE-2025-8376
A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...
CVE-2025-8322
creationtimestamp| type| source ---|---|--- 2025-07-30 07:07:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv62qppgcw2l...
Exploit for CVE-2007-6750
ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing...
curl: on the implications of permitting procedural culling
Good day. My name is Lorentso Youriévitch Bogdanov. It has come to my attention that you are in need of higher-quality code review. Rest assured that you are not alone in noticing a certain degree of brain-drain in this field. As you can perhaps imagine, the recent shortage of qualified hackers a...
GHSA-C4R9-R8FH-9VJ2
creationtimestamp| type| source ---|---|--- 2025-07-16 03:26:38+00:00| seen| https://gist.github.com/safer-bot/c2216b5d3e2d6726f802333827d83269 2025-07-16 03:58:10+00:00| seen| https://gist.github.com/safer-bot/f17dd9ec05eaa98cd94e7e32cd52f5f8 2025-07-16 05:00:07+00:00| seen|...
CVE-2025-50089
...
CVE-2025-50063
...
curl: HTTP Request Smuggling Vulnerability Analysis - cURL Security Report
HTTP Request Smuggling Vulnerability Report - cURL Summary: cURL does not explicitly reject HTTP requests that contain both Transfer-Encoding and Content-Length headers, which can lead to HTTP request smuggling vulnerabilities CWE-444 when the request passes through intermediary systems proxies,...
CVE-2025-47999
creationtimestamp| type| source ---|---|--- 2025-07-08 15:56:31+00:00| seen| https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review...
Exploit for Out-of-bounds Write in F5 Nginx
Disclosures Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts URL: https://github.com/badd1e/Disclosures List CVE-2009-2629: nginx http module Buffer Underflow Remote Code Execution Vulnerability Patch analysis, testcase, notes CVE-2013-0007: Microsoft XML Core...
CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...
Towards Provable (In)Secure Model Weight Release Schemes
Recent secure weight release schemes claim to enable open-source model distribution while protecting model ownership and preventing misuse. However, these approaches lack rigorous security foundations and provide only informal security guarantees. Inspired by established works in cryptography, we...
LLM Embedding-Based Attribution (LEA): Quantifying Source Contributions to Generative Model'S Response for Vulnerability Analysis
Security vulnerabilities are rapidly increasing in frequency and complexity, creating a shifting threat landscape that challenges cybersecurity defenses. Large Language Models LLMs have been widely adopted for cybersecurity threat analysis. When querying LLMs, dealing with new, unseen...
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes
Summary The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect. We consider this a lower-severity open redirect, as it can't be exploited from browsers or email clients requires manipulation of a Host header. Details The...
tidos-framework
The TIDoS Framework is an open-source, Python-based web application penetration testing framework. It is designed to cover various phases of a penetration test, including reconnaissance, scanning and enumeration, vulnerability analysis, and exploitation. The framework is built on top of the SQLit...
Ai-Driven Vulnerability Analysis in Smart Contracts: Trends, Challenges and Future Directions
Smart contracts, integral to blockchain ecosystems, enable decentralized applications to execute predefined operations without intermediaries. Their ability to enforce trustless interactions has made them a core component of platforms such as Ethereum. Vulnerabilities such as numerical overflows,...
Comprehensive Vulnerability Analysis Is Necessary for Trustworthy LLM-MAS
This paper argues that a comprehensive vulnerability analysis is essential for building trustworthy Large Language Model-based Multi-Agent Systems LLM-MAS. These systems, which consist of multiple LLM-powered agents working collaboratively, are increasingly deployed in high-stakes applications bu...
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
This issue arises from the prefix caching mechanism, which may expose the system to a timing side-channel attack. Description When a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First...
CVE-2025-0459
A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be...
CVE-2024-52479
Cross-Site Request Forgery CSRF vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery.This issue affects Jobify: from n/a through 4.3.0...