1534 matches found
CVE-2026-4229
CVE-2026-4229 affects vanna-ai vanna up to version 2.0.2, specifically the function remove_training_data in src/vanna/legacy/google/bigquery_vector.py. The underlying issue is a manipulation of the argument ID that enables SQL injection, permitting a remote attacker to exploit the vulnerability. ...
PT-2026-25639
Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A flaw exists in the remove training data function within the src/vanna/legacy/google/bigquery vector.py file. Manipulation of the ID argument can lead to SQL injection. This issue can be exploit...
Vanna SQL注入漏洞
Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...
binary-exploitation
binary-exploitation A collection of binary exploitation...
Automatic Attack Script Generation: A MDA Approach
It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To...
Enhancing Network Intrusion Detection Systems: A Multi-Layer Ensemble Approach to Mitigate Adversarial Attacks
Adversarial examples can represent a serious threat to machine learning ML algorithms. If used to manipulate the behaviour of ML-based Network Intrusion Detection Systems NIDS, they can jeopardize network security. In this work, we aim to mitigate such risks by increasing the robustness of NIDS...
Study Finds ROME AI Agent Attempted Cryptomining Without Instructions
A recent research paper describing the training of an experimental AI agent has started a discussion after the…...
Women’s History Month: Encouraging women in cybersecurity at every career stage
Women’s History Month—and International Women’s Day on March 8, 2026—always gives me pause for reflection. It’s a moment to think about how far we’ve come and think about who we choose to uplift as we look ahead. Throughout my career, I’ve been inspired by extraordinary women leaders—trailblazers...
CVE-2025-11252
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published...
CVE-2025-11252
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published...
PT-2026-22336
Name of the Vulnerable Software and Affected Versions Signum Technology Promotion and Training Inc. Windesk.Fm versions through 27022026 Description An issue exists in Windesk.Fm that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command...
ThreatFormer-IDS: Robust Transformer Intrusion Detection with Zero-Day Generalization and Explainable Attribution
Intrusion detection in IoT and industrial networks requires models that can detect rare attacks at low false-positive rates while remaining reliable under evolving traffic and limited labels. Existing IDS solutions often report strong in-distribution accuracy, but they may degrade when evaluated ...
Poisoning AI Training Data
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs." Every word is a lie. I claimed without evidence that competitive hot-dog-eating is a popular hobby among tech reporte...
CVE-2025-9953
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: before 2026/04...
CVE-2025-9953
CVE-2025-9953 affects Databank Accreditation Software from DATABASE Software Training Consulting Ltd. The issue is an Authorization Bypass Through User-Controlled SQL Primary Key that enables SQL Injection. According to the description, the vulnerability involves SQL Injection via a user-controll...
Meta patents AI that could keep you posting from beyond the grave
Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language...
PT-2026-20834
Name of the Vulnerable Software and Affected Versions Databank Accreditation Software versions prior to 2026/04 Description An authorization bypass exists due to a user-controlled SQL primary key flaw. This allows an attacker to perform SQL injection, which can be used to bypass authorization...
From SFT to RL: Demystifying the Post-Training Pipeline for LLM-Based Vulnerability Detection
The integration of LLMs into vulnerability detection VD has shifted the field toward interpretable and context-aware analysis. While post-training methods have shown promise in general coding tasks, their systematic application to VD remains underexplored. In this paper, we present the first...
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work ...
GoodVibe: Security-By-Vibe for LLM-Based Code Generation
Large language models LLMs are increasingly used for code generation in fast, informal development workflows, often referred to as vibe coding, where speed and convenience are prioritized, and security requirements are rarely made explicit. In this setting, models frequently produce functionally...