Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia
Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People's Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs,"...
7AI Score
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...
7.2AI Score
Improper Enforcement Of Behavioral Workflow
aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital...
6.9AI Score
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset.....
8.1CVSS
6.8AI Score
0.001EPSS
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset.....
8.1CVSS
6.8AI Score
0.001EPSS
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python...
0.001EPSS
This Week in Spring - June 11th, 2024
This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,.....
7AI Score
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python...
7.8AI Score
0.001EPSS
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset.....
8.1CVSS
0.001EPSS
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset.....
8.1CVSS
9.2AI Score
0.001EPSS
CVE-2024-5389 Insufficient Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset.....
9.3CVSS
0.001EPSS
CVE-2024-5389 Insufficient Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset.....
9.3CVSS
6.8AI Score
0.001EPSS
Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through...
8.8CVSS
0.001EPSS
Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through...
8.8CVSS
5.5AI Score
0.001EPSS
Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through...
5.4CVSS
0.001EPSS
Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through...
5.4CVSS
7AI Score
0.001EPSS
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-34435 WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2024-34435 WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2024-30538 WordPress DELUCKS SEO plugin <= 2.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through...
5.3CVSS
0.0004EPSS
lunary-ai/lunary allows users unauthorized access to projects
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
9.4AI Score
0.0004EPSS
lunary-ai/lunary allows users unauthorized access to projects
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
6.8AI Score
0.0004EPSS
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
9.5AI Score
0.0004EPSS
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
9.5AI Score
0.0004EPSS
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
0.0004EPSS
CVE-2024-4146 Improper Authorization in lunary-ai/lunary
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
0.0004EPSS
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing...
6.7AI Score
Microsoft Will Switch Off Recall by Default After Security Backlash
After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy...
7.5AI Score
The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...
7.2AI Score
Microsoft’s Recall Feature Is Even More Hackable Than You Thought
A new discovery that the AI-enabled feature’s historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster...
7.2AI Score
Fedora: Security Advisory for chromium (FEDORA-2024-bb52629e6c)
The remote host is missing an update for...
6.4AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-4e0ea1c22e)
The remote host is missing an update for...
6.4AI Score
0.0004EPSS
Fedora: Security Advisory for qt5-qtxmlpatterns (FEDORA-2024-2e27372d4c)
The remote host is missing an update for...
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-151b368efb)
The remote host is missing an update for...
8.8CVSS
8.7AI Score
0.003EPSS
Fedora: Security Advisory for chromium (FEDORA-2024-b5dd623284)
The remote host is missing an update for...
8.8CVSS
8.7AI Score
0.003EPSS
Server-Side Request Forgery in langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
7.5AI Score
0.0004EPSS
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
Server-Side Request Forgery in langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
5.6AI Score
0.0004EPSS
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
New EmailGPT Flaw Puts User Data at Risk: Remove the Extension NOW
Synopsys warns of a new prompt injection hack involving a security vulnerability in EmailGPT, a popular AI...
7.7AI Score
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....
10CVSS
0.0004EPSS
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....
10CVSS
9.9AI Score
0.0004EPSS
A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....
10CVSS
8.6AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An.....
8.6CVSS
6.9AI Score
0.0004EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An.....
8.6CVSS
0.0004EPSS
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into...
7.4CVSS
6.4AI Score
0.0004EPSS
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into...
7.4CVSS
0.0004EPSS