Lucene search
K

1534 matches found

CVE
CVE
added 2026/03/16 8:32 a.m.25 views

CVE-2026-4229

CVE-2026-4229 affects vanna-ai vanna up to version 2.0.2, specifically the function remove_training_data in src/vanna/legacy/google/bigquery_vector.py. The underlying issue is a manipulation of the argument ID that enables SQL injection, permitting a remote attacker to exploit the vulnerability. ...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25639

Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A flaw exists in the remove training data function within the src/vanna/legacy/google/bigquery vector.py file. Manipulation of the ID argument can lead to SQL injection. This issue can be exploit...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Vanna SQL注入漏洞

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...

7.5CVSS7.1AI score0.00254EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/03/12 2:55 p.m.130 views

binary-exploitation

binary-exploitation A collection of binary exploitation...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.2 views

Automatic Attack Script Generation: A MDA Approach

It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.3 views

Enhancing Network Intrusion Detection Systems: A Multi-Layer Ensemble Approach to Mitigate Adversarial Attacks

Adversarial examples can represent a serious threat to machine learning ML algorithms. If used to manipulate the behaviour of ML-based Network Intrusion Detection Systems NIDS, they can jeopardize network security. In this work, we aim to mitigate such risks by increasing the robustness of NIDS...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/03/10 2:10 p.m.6 views

Study Finds ROME AI Agent Attempted Cryptomining Without Instructions

A recent research paper describing the training of an experimental AI agent has started a discussion after the…...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/05 5:0 p.m.8 views

Women’s History Month: Encouraging women in cybersecurity at every career stage

Women’s History Month—and International Women’s Day on March 8, 2026—always gives me pause for reflection. It’s a moment to think about how far we’ve come and think about who we choose to uplift as we look ahead. Throughout my career, I’ve been inspired by extraordinary women leaders—trailblazers...

6AI score
Exploits0
NVD
NVD
added 2026/02/27 1:16 p.m.6 views

CVE-2025-11252

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published...

9.8CVSS0.00388EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:32 p.m.5 views

CVE-2025-11252

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published...

9.8CVSS5.8AI score0.00388EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22336

Name of the Vulnerable Software and Affected Versions Signum Technology Promotion and Training Inc. Windesk.Fm versions through 27022026 Description An issue exists in Windesk.Fm that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command...

9.8CVSS6AI score0.00388EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/02/26 12:0 a.m.4 views

ThreatFormer-IDS: Robust Transformer Intrusion Detection with Zero-Day Generalization and Explainable Attribution

Intrusion detection in IoT and industrial networks requires models that can detect rare attacks at low false-positive rates while remaining reliable under evolving traffic and limited labels. Existing IDS solutions often report strong in-distribution accuracy, but they may degrade when evaluated ...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/25 12:1 p.m.6 views

Poisoning AI Training Data

All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs." Every word is a lie. I claimed without evidence that competitive hot-dog-eating is a popular hobby among tech reporte...

5.6AI score
Exploits0
NVD
NVD
added 2026/02/19 12:16 p.m.9 views

CVE-2025-9953

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: before 2026/04...

9.8CVSS0.00344EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 11:55 a.m.16 views

CVE-2025-9953

CVE-2025-9953 affects Databank Accreditation Software from DATABASE Software Training Consulting Ltd. The issue is an Authorization Bypass Through User-Controlled SQL Primary Key that enables SQL Injection. According to the description, the vulnerability involves SQL Injection via a user-controll...

9.8CVSS5.9AI score0.00344EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/02/19 11:16 a.m.8 views

Meta patents AI that could keep you posting from beyond the grave

Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.10 views

PT-2026-20834

Name of the Vulnerable Software and Affected Versions Databank Accreditation Software versions prior to 2026/04 Description An authorization bypass exists due to a user-controlled SQL primary key flaw. This allows an attacker to perform SQL injection, which can be used to bypass authorization...

9.8CVSS5.8AI score0.00344EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2026/02/15 12:0 a.m.11 views

From SFT to RL: Demystifying the Post-Training Pipeline for LLM-Based Vulnerability Detection

The integration of LLMs into vulnerability detection VD has shifted the field toward interpretable and context-aware analysis. While post-training methods have shown promise in general coding tasks, their systematic application to VD remains underexplored. In this paper, we present the first...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/11 11:30 a.m.6 views

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work ...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.4 views

GoodVibe: Security-By-Vibe for LLM-Based Code Generation

Large language models LLMs are increasingly used for code generation in fast, informal development workflows, often referred to as vibe coding, where speed and convenience are prioritized, and security requirements are rarely made explicit. In this setting, models frequently produce functionally...

5.7AI score
Exploits0
Rows per page
Query Builder