Lucene search
K

12 matches found

Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts

The deployment of large language models LLMs in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.32 views

A Multi-Agent Framework for Automated Exploit Generation with Constraint-Guided Comprehension and Reflection

Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports with high false positive rates. Automated Exploit Generatio...

6.1AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-19740

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0038EPSS
Exploits0References3
NVD
NVD
added 2025/07/02 4:15 p.m.8 views

CVE-2025-53358

kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...

6.5CVSS0.0038EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/02 3:38 p.m.10 views

CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload

kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...

6.5CVSS0.0038EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/02 3:38 p.m.3 views

CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload

kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...

6.5CVSS6.9AI score0.0038EPSS
Exploits0References3
CVE
CVE
added 2025/07/02 3:38 p.m.21 views

CVE-2025-53358

Summary (CVE-2025-53358) : Kotaemon, an open‑source RAG-based document tool, is affected in versions up to 0.10.6. The function index_fn in libs/ktem/ktem/index/file/ui.py accepts both URLs and local file paths without validation, causing the pipeline to stream and store these paths. This enables...

6.5CVSS6.4AI score0.0038EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/05/26 12:0 a.m.5 views

Language of Network: a Generative Pre-Trained Model for Encrypted Traffic Comprehension

The increasing demand for privacy protection and security considerations leads to a significant rise in the proportion of encrypted network traffic. Since traffic content becomes unrecognizable after encryption, accurate analysis is challenging, making it difficult to classify applications and...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/04 10:4 a.m.16 views

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/24 3:3 p.m.45 views

Google Introduces Project Naptime for AI-Powered Vulnerability Research

Google has developed a new framework called Project Naptime that it says enables a large language model LLM to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target...

8.3AI score
Exploits0
OSV
OSV
added 2022/05/10 8:4 a.m.41 views

RLSA-2022:1860 Moderate: maven:3.6 security and enhancement update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...

5.3CVSS6AI score0.08665EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2015/02/03 4:45 p.m.9 views

Google Trades Technicality for Brevity with New SSL Warning

Many users do not understand, let-alone listen to, browser-based SSL warnings. Google wants to change that and its newest browser warnings are based on years of interdisciplinary research about how human beings respond to warning signs. “Dissidents, drug dealers, and diplomats have one thing in...

6.6AI score
Exploits0References4
Rows per page
Query Builder