Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier...
Exploit for Code Injection in Sqlpad
CVE-2022-0944 Proof of concept exploit for SQLPad RCE CVE-2...
CVE-2024-25270
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...
VulnCheck KEV: CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
Mirapolis LMS Security Vulnerability
Mirapolis LMS is a modern distance learning management system from Mirapolis. A security vulnerability exists in Mirapolis LMS 4.6.XX that stems from an insecure direct object reference (IDOR) that allows an authenticated user to expose sensitive user data by manipulating the ID parameter and...
CBL Mariner 2.0 Security Update: tensorflow (CVE-2023-33976)
The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-33976 advisory. - TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a...
Evaluating the Effectiveness of Reward Modeling of Generative AI Systems
New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): "SEAL: Systematic Error Analysis for Value ALignment." The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract:...
KB5042215 - Description of the security update for SQL Server 2017 CU31: September 10, 2024
KB5042215 - Description of the security update for SQL Server 2017 CU31: September 10, 2024 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More...
CVE-2024-8585
Orca HCM from LEARNING DIGITAL does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files...
CVE-2024-8584
Orca HCM from LEARNING DIGITAL has a Missing Authentication vulnerability, allowing an unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in...
CVE-2024-8585 LEARNING DIGITAL Orca HCM - Arbitrary File Download
Orca HCM from LEARNING DIGITAL does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files...
CVE-2024-8584
CVE-2024-8584 affects Orca HCM by LEARNING DIGITAL and is described as a Missing Authentication vulnerability that allows an unauthenticated remote attacker to create an administrator account and log in. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8) indicates a critical imp...
Learning Digital Orca HCM Access Control Error Vulnerability
Learning Digital Orca HCM is a digital learning platform from China-based Learning Digital. An access control error vulnerability exists in Learning Digital Orca HCM prior to version 11.0, which arises from improperly restricting access to a specific feature, which could allow an unauthenticated,...
Division By Zero Error
TensorFlow is vulnerable to a division by zero error. The vulnerability is due to insufficient handling of cases where the input's fourth dimension is zero in the DepthwiseConv TFLite operator, which can lead to execution issues or crashes in machine learning models...
CVE-2024-43773
SQL Injection in the download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter...
CVE-2024-43775 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in the search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter...
CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in the download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter...
CVE-2024-43773 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in the download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter...