
355 matches found

Malwarebytes
added 2026/05/21 10:1 a.m., 8 views

Researchers left AI agents alone in a virtual town and watched it all unravel

Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them alone, the rhetoric goes; they'll handle it. But a New York startup left ten of them alone in a virtual town for two...

5.8 AI score
Exploits: 0
Packet Storm News
added 2026/05/21 12:0 a.m., 4 views

Pretraining Data Exposure in Large Language Models: A Survey of Membership Inference, Data Contamination, and Security Implications

Large Language Models (LLMs) have become the predominant paradigm in NLP, advancing both research and industry. As model sizes and pretraining data grow, concerns about Pretraining Data Exposure (PDE) increase due to the scale and opacity of training datasets. PDE refers to determining whether specif...

5.8 AI score
Exploits: 0
CNNVD
added 2026/05/06 12:0 a.m., 3 views

WordPress plugin Ninja Tables – Easy Data Table Builder security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/04 12:0 a.m., 4 views

Evolver security vulnerability

Evolver is an intelligent agent-based self-evolution tool developed by EvoMap. Versions of Evolver prior to 1.69.3 contained security vulnerabilities. These vulnerabilities were caused by a prototype pollution issue in the email storage module, which could allow attackers to modify the behavi...

5.2 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 2
Packet Storm News
added 2026/04/14 12:0 a.m., 1 views

Robust Semi-Supervised Temporal Intrusion Detection for Adversarial Cloud Networks

Cloud networks increasingly rely on machine learning based Network Intrusion Detection Systems to defend against evolving cyber threats. However, real-world deployments are challenged by limited labeled data, non-stationary traffic, and adaptive adversaries. While semi-supervised learning can...

5.8 AI score
Exploits: 0
CNNVD
added 2026/04/09 12:0 a.m., 2 views

wolfSSL security vulnerability

wolfSSL (CyaSSL) is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL: when restoring sessions from the cache, pointers in serialized session data are not...

4.1 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2026/04/06 11:24 p.m., 1 views

SUSE CVE-2026-33028

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the prima...

7.5 CVSS, 5.8 AI score, 0.00092 EPSS
Exploits: 1, References: 3
Github Security Blog
added 2026/03/30 4:34 p.m., 3 views

nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse

Summary: The nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file app.ini. This vulnerability results in a persistent...

7.5 CVSS, 6.3 AI score, 0.00092 EPSS
Exploits: 1, References: 4, Affected Software: 2
Github Security Blog
added 2026/03/20 8:34 p.m., 2 views

Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Versions: effect: 3.19.15; @effect/rpc: 0.72.1; @effect/platform: 0.94.2; Node.js: v22.20.0; Vercel runtime with Fluid compute; Next.js: 16 App Router; @clerk/nextjs: 6.x. Root cause: Effect's MixedScheduler batches fiber continuations and drains them inside a single microtask or timer...

7.4 CVSS, 6.1 AI score, 0.00015 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/03/18 12:0 a.m., 3 views

elysia security vulnerability

Elysia is an open-source framework developed by Elysia. Versions of Elysia prior to 1.4.27 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that Elysia cookies could be contaminated by prototype pollution, which could lead to security issues...

6.5 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/16 12:0 a.m., 2 views

Apollo Federation security vulnerability

Apollo Federation is an architecture in the Apollo community that combines APIs into a unified graph through declarative methods. Vulnerabilities exist in versions of Apollo Federation before 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2. These vulnerabilities stem from vulnerabilities in the query...

9.9 CVSS, 5.9 AI score, 0.00043 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/12 12:0 a.m., 3 views

capnproto environment issue vulnerability

Capnproto is an open-source Proto serialization/RPC system—including core tools and C++ libraries. Versions of Capnproto prior to 1.4.0 contained environmental vulnerabilities. These vulnerabilities stemmed from the conversion of negative Content-Length values into unsigned numbers, which could...

6.5 CVSS, 5.8 AI score, 0.00073 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/02/11 12:0 a.m., 2 views

set-in security vulnerability

set-in is a JavaScript library developed by individual developer Mikey. Versions of set-in 2.0.1 to 2.0.5 had security vulnerabilities due to insufficient input validation. These vulnerabilities could allow for attacks through specially crafted input that polluted Object.prototype, leadin...

9.8 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 1, References: 2
CNNVD
added 2026/02/06 12:0 a.m., 2 views

SandboxJS security vulnerability

SandboxJS is a security assessment tool developed by individual developer nyariv. Versions of SandboxJS prior to 0.8.29 contained a security vulnerability. This vulnerability stemmed from the use of hasOwnProperty to mask objects in the sandbox, allowing sandbox escape and disabling the prototy...

10 CVSS, 6.6 AI score, 0.00034 EPSS
Exploits: 1, References: 3
RedhatCVE
added 2026/01/09 9:50 a.m., 3 views

CVE-2020-24722

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...

5.9 CVSS, 7.1 AI score, 0.00318 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/01/07 12:0 a.m., 1 views

carbone security vulnerability

carbone is a report generator open-sourced by CarboneIO. A security vulnerability exists in carbone that stems from improper manipulation of the Formatter Handler component in the lib/input.js file, which could lead to a prototype pollution attack...

5 CVSS, 5 AI score, 0.00029 EPSS
Exploits: 0, References: 5
CNNVD
added 2025/12/26 12:0 a.m., 1 views

apidoc-core security vulnerability

apidoc-core is an open source parser library from apiDoc. A security vulnerability exists in apidoc-core version 0.2.0 and later versions, which stems from prototype pollution and could lead to a denial of service or unexpected behavior by a remote attacker who modifies JavaScript object...

9.3 CVSS, 6.5 AI score, 0.00116 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/12/16 12:0 a.m., 2 views

tRPC security vulnerability

tRPC is a TypeScript framework for building type-safe APIs from the tRPC community. A security vulnerability exists in tRPC versions prior to 10.45.3 and prior to 11.8.0, which stems from prototype pollution in the formDataToObject function that could lead to authorization bypass or denial ...

8.5 CVSS, 6.3 AI score, 0.00191 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/12 12:0 a.m., 4 views

vuetify security vulnerability

vuetify is a material component framework for Vue open-sourced by vuetify Germany. A security vulnerability exists in vuetify version 2.2.0-beta.2 through versions prior to 3.0.0-alpha.10, which stems from prototype pollution in the Preset configuration, which could result in contaminating...

8.6 CVSS, 6.3 AI score, 0.002 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/12/09 12:0 a.m., 3 views

elysia security vulnerability

elysia is an open-source framework from elysia. A security vulnerability exists in elysia versions 1.4.0 through 1.4.16, which stems from prototype pollution in the mergeDeep function that could lead to remote code execution...

9.8 CVSS, 7.5 AI score, 0.00249 EPSS
Exploits: 1, References: 6