6819 matches found
ElkArte 1.1.0 Cross Site Scripting
A cross site scripting vulnerability exists in ElkArte Forum version 1.1.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
TestLink 1.9.13 SQL Injection
A SQL injection vulnerability exists in TestLink version 1.9.13. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...
WordPress Blubrry PowerPress 6.0 Cross Site Scripting
A cross site scripting vulnerability exists in Blubrry PowerPress WordPress Plugin version 6.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
SpiderFoot 2.7.1 Cross Site Scripting
Multiple reflected cross site scripting vulnerabilities exist in SpiderFoot version 2.7.1. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
HTMLy Cross Site Scripting
A cross site scripting vulnerability exists in HTMLy CMS. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
Yii Framework 2.0.9 Reflected Cross Site Scripting
A reflected cross site scripting vulnerability exists in Yii Framework version 2.0.9 and earlier versions before 2.0.14. The vulnerability exists in the error handler component. This issue is older research added to the archive...
Eventum 3.3.4 Open Redirection
An open redirection vulnerability exists in Eventum Issue Tracker version 3.3.4. The vulnerability allows remote attackers to redirect users to arbitrary external websites. This issue is older research added to the archive...
miniBB 3.1 Cross Site Scripting
A cross site scripting vulnerability exists in miniBB Forum version 3.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
TWiki 6.0.1 Cross Site Scripting
A cross site scripting vulnerability exists in TWiki version 6.0.1 via the QUERYSTRING parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
FreshRSS 1.11.1 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in FreshRSS version 1.11.1. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
SOPlanning 1.41 SQL Injection
A SQL injection vulnerability exists in SOPlanning version 1.41. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...
Openbiz Cubi SQL Injection
Multiple SQL injection vulnerabilities exist in Openbiz Cubi. These vulnerabilities allow remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research added to the archive...
Openbiz Cubi Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in Openbiz Cubi. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
TikiWiki 17.1 Cross Site Scripting
A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
e107 2.0 Cross Site Scripting / SQL Injection
Multiple vulnerabilities including cross site scripting and SQL injection exist in e107 CMS version 2.0. These vulnerabilities allow remote attackers to execute malicious scripts and SQL commands. This issue is older research added to the archive...
OSSEC HIDS 4.0.0
OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS host-based intrusion detection, log monitoring and SIM/SIEM together in a simple, powerful and open source solution. This is the source code release...
IlchCMS 2.1.37 Cross Site Scripting
A cross site scripting vulnerability exists in IlchCMS version 2.1.37. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
SMCP: Secure Model Context Protocol
Agentic AI systems built around large language models LLMs are moving away from closed, single-model frameworks and toward open ecosystems that connect a variety of agents, external tools, and resources. The Model Context Protocol MCP has emerged as a standard to unify tool access, allowing agent...
To Defend against Cyber Attacks, We Must Teach AI Agents to Hack
For over a decade, cybersecurity has relied on human labor scarcity to limit attackers to high-value targets manually or generic automated attacks at scale. Building sophisticated exploits requires deep expertise and manual effort, leading defenders to assume adversaries cannot afford tailored...
Sleep Reveals the Nonce: Breaking ECDSA Using Sleep-Based Power Side-Channel Vulnerability
Security of Elliptic Curve Digital Signature Algorithm ECDSA depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability...
HACK NDSU: A Real-World Event to Promote Student Interest in Cybersecurity
Hack NDSU let students scan, probe, and hack North Dakota State University's campus network, under professionals' supervision, providing an aspirational experience, potentially motivating them to enter the field. This paper provides a blueprint for educational hacking events against production...
DuoLungo: Usability Study of Duo 2FA
Multi-Factor Authentication MFA enhances login security by requiring multiple authentication factors. Its adoption has increased in response to more frequent and sophisticated attacks. Duo is widely used by organizations including Fortune 500 companies and major educational institutions, yet its...
From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities
Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced in code, leading to costly remediation. This work explores...
Jailbreaking LLMs Via Calibration
Safety alignment in Large Language Models LLMs often creates a systematic discrepancy between a model's aligned output and the underlying pre-aligned data distribution. We propose a framework in which the effect of safety alignment on next-token prediction is modeled as a systematic distortion of...
Zeek 8.0.6
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Windows Registry Run Persistence
This Metasploit module is a Windows persistence module designed to maintain access to a compromised system after a successful exploitation and an active Meterpreter session has been obtained...
CISA: Assembling a Multi-Disciplinary Insider Threat Management Team
In CISA's continuing work to strengthen infrastructure security, the Assembling a Multi-Disciplinary Insider Threat Management Team infographic aims to enhance the awareness of critical infrastructure stakeholders regarding insider threats, the potential damage they can inflict, and the steps...
SpyDir: Spy Device Localization through Accurate Direction Finding
Hidden spy cameras have become a great privacy threat recently, as these low-cost, low-power, and small form-factor IoT devices can quietly monitor human activities in the indoor environment without generating any side-channel information. As such, it is difficult to detect and even more...
Secure Integrated Sensing and Communication against Communication and Sensing Eavesdropping
Sensing privacy and communication confidentiality play fundamentally different but interconnected roles in adversarial wireless environments. Capturing this interplay within a single physical-layer framework is particularly challenging in integrated sensing and communication ISAC systems, where t...
Evaluating Large Language Models for Security Bug Report Prediction
Early detection of security bug reports SBRs is critical for timely vulnerability mitigation. We present an evaluation of prompt-based engineering and fine-tuning approaches for predicting SBRs using Large Language Models LLMs. Our findings reveal a distinct trade-off between the two approaches...
ICA Foreign Threats to the 2020 US Federal Elections
This is the originally publicly disclosed government document titled Foreign Threats to the 2020 US Federal Elections. This document is a declassified version of a classified report. The analytic judgments outlined here are identical to those in the classified version, but this declassified...
Now You Hear Me: Audio Narrative Attacks against Large Audio-Language Models
Large audio-language models increasingly operate on raw speech inputs, enabling more seamless integration across domains such as voice assistants, education, and clinical triage. This transition, however, introduces a distinct class of vulnerabilities that remain largely uncharacterized. We exami...
Human-Centered Explainability in AI-Enhanced UI Security Interfaces: Designing Trustworthy Copilots for Cybersecurity Analysts
Artificial intelligence AI copilots are increasingly integrated into enterprise cybersecurity platforms to assist analysts in threat detection, triage, and remediation. However, the effectiveness of these systems depends not only on the accuracy of underlying models but also on the degree to whic...
WiFiPenTester: Advancing Wireless Ethical Hacking with Governed GenAI
Wireless ethical hacking relies heavily on skilled practitioners manually interpreting reconnaissance results and executing complex, time-sensitive sequences of commands to identify vulnerable targets, capture authentication handshakes, and assess password resilience; a process that is inherently...
Towards a Cognitive-Support Tool for Threat Hunters
Cybersecurity increasingly relies on threat hunters to proactively identify adversarial activity, yet the cognitive work underlying threat hunting remains underexplored or insufficiently supported by existing tools. Building on prior studies that examined how threat hunters construct and share...
Trojan-Resilient NTT: Protecting against Control Flow and Timing Faults on Reconfigurable Platforms
Number Theoretic Transform NTT is the most essential component for polynomial multiplications used in lattice-based Post-Quantum Cryptography PQC algorithms such as Kyber, Dilithium, NTRU etc. However, side-channel attacks SCA and hardware vulnerabilities in the form of hardware Trojans may alter...
RPP: A Certified Poisoned-Sample Detection Framework for Backdoor Attacks under Dataset Imbalance
Deep neural networks are highly susceptible to backdoor attacks, yet most defense methods to date rely on balanced data, overlooking the pervasive class imbalance in real-world scenarios that can amplify backdoor threats. This paper presents the first in-depth investigation of how the dataset...
Semantic-Aware Advanced Persistent Threat Detection Using Autoencoders on LLM-Encoded System Logs
Advanced Persistent Threats APTs are among the most challenging cyberattacks to detect. They are carried out by highly skilled attackers who carefully study their targets and operate in a stealthy, long-term manner. Because APTs exhibit "low-and-slow" behavior, traditional statistical methods and...
AEGIS: White-Box Attack Path Generation Using LLMs and Training Effectiveness Evaluation for Large-Scale Cyber Defence Exercises
Creating attack paths for cyber defence exercises requires substantial expert effort. Existing automation requires vulnerability graphs or exploit sets curated in advance, limiting where it can be applied. We present AEGIS, a system that generates attack paths using LLMs, white-box access, and...
Whispers of Wealth: Red-Teaming Google's Agent Payments Protocol Via Prompt Injection
Large language model LLM based agents are increasingly used to automate financial transactions, yet their reliance on contextual reasoning exposes payment systems to prompt-driven manipulation. The Agent Payments Protocol AP2 aims to secure agent-led purchases through cryptographically verifiable...
Semantics-Preserving Evasion of LLM Vulnerability Detectors
LLM-based vulnerability detectors are increasingly deployed in security-critical code review, yet their resilience to evasion under behavior-preserving edits remains poorly understood. We evaluate detection-time integrity under a semantics-preserving threat model by instantiating diverse...
The Semantic Trap: Do Fine-Tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern?
LLMs demonstrate promising performance in software vulnerability detection after fine-tuning. However, it remains unclear whether these gains reflect a genuine understanding of vulnerability root causes or merely an exploitation of functional patterns. In this paper, we identify a critical failur...
No More, No Less: Least-Privilege Language Models
Least privilege is a core security principle: grant each request only the minimum access needed to achieve its goal. Deployed language models almost never follow it, instead being exposed through a single API endpoint that serves all users and requests. This gap exists not because least privilege...
Rust and Go Directed Fuzzing with LibAFL-DiFuzz
In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying stati...
PIDSMaker: Building and Evaluating Provenance-Based Intrusion Detection Systems
Recent provenance-based intrusion detection systems PIDSs have demonstrated strong potential for detecting advanced persistent threats APTs by applying machine learning to system provenance graphs. However, evaluating and comparing PIDSs remains difficult: prior work uses inconsistent preprocessi...
CERT.pl Energy Sector Incident 29 December
This is the official report from CERT.pl on the coordinated attacks against Poland's energy sector. These events affected both information systems IT and physical industrial equipment OT, which is rarely observed in attacks reported publicly to date...
Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection
The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks GNNs. However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...
Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering
Static Application Security Testing SAST tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives FPs, imposing a substantial manual triage burden on developers. Recent advances in Large Language Model LLM agents offer a promising...
Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models
Transport Layer Security TLS is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle MitM attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...
From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching
Semantic caching has emerged as a pivotal technique for scaling LLM applications, widely adopted by major providers including AWS and Microsoft. By utilizing semantic embedding vectors as cache keys, this mechanism effectively minimizes latency and redundant computation for semantically similar...