
928 matches found

Packet Storm News
added 2025/04/18 12:0 a.m. · 36 views

Everything You Wanted to Know about LLM-Based Vulnerability Detection but Were Afraid to Ask

Large Language Models are a promising tool for automated vulnerability detection, thanks to their success in code generation and repair. However, despite widespread adoption, a critical question remains: Are LLMs truly effective at detecting real-world vulnerabilities? Current evaluations, which...

7.2 AI score
Exploits: 0
Packet Storm News
added 2025/04/15 12:0 a.m. · 2 views

MULTI-LF: a Unified Continuous Learning Framework for Real-Time DDoS Detection in Multi-Environment Networks

Detecting Distributed Denial of Service (DDoS) attacks in Multi-Environment (M-En) networks presents significant challenges due to diverse malicious traffic patterns and the evolving nature of cyber threats. Existing AI-based detection systems struggle to adapt to new attack strategies and lack...

6.8 AI score
Exploits: 0
Packet Storm News
added 2025/04/15 12:0 a.m. · 1 views

X-Teaming: Multi-Turn Jailbreaks and Defenses with Adaptive Multi-Agents

Multi-turn interactions with language models (LMs) pose critical safety risks, as harmful intent can be strategically spread across exchanges. Yet, the vast majority of prior work has focused on single-turn safety, while adaptability and diversity remain among the key challenges of multi-turn...

7.4 AI score
Exploits: 0
RedhatCVE
added 2025/03/22 12:2 p.m. · 4 views

CVE-2024-10272

lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET request to the /v1/datasets endpoint without a valid authorization token...

7.5 CVSS · 6.8 AI score · 0.00199 EPSS
Exploits: 1 · References: 1
Snyk
added 2025/03/20 10:51 a.m. · 6 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: gluoncv is a Gluon CV Toolkit. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the from_csv function in ImageClassificationDataset. An attacker can overwrite files on the victim's system by using this function to extract maliciou...

7.1 CVSS · 7.9 AI score · 0.00088 EPSS
Exploits: 0 · References: 2
OSV
added 2025/03/20 10:15 a.m. · 0 views

PYSEC-2025-93

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...

6.5 CVSS · 6.9 AI score · 0.00214 EPSS
Exploits: 1 · References: 1
OSV
added 2025/03/20 10:15 a.m. · 0 views

CVE-2024-10707

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...

6.5 CVSS · 5.9 AI score · 0.00214 EPSS
Exploits: 1 · References: 1
PyPA
added 2025/03/20 10:15 a.m. · 5 views

PYSEC-2025-93

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...

7.5 CVSS · 7 AI score · 0.00686 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
NVD
added 2025/03/20 10:15 a.m. · 3 views

CVE-2024-10272

lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET request to the /v1/datasets endpoint without a valid authorization token...

7.5 CVSS · 0.00199 EPSS
Exploits: 1 · References: 2
OSV
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-10272

lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET request to the /v1/datasets endpoint without a valid authorization token...

7.5 CVSS · 7 AI score · 0.00199 EPSS
Exploits: 1 · References: 2
CVE
added 2025/03/20 10:11 a.m. · 42 views

CVE-2024-10272

The CVE-2024-10272 entry concerns lunary-ai/lunary with a broken access control flaw on the /v1/datasets endpoint. According to multiple sources, an attacker can view the content of any dataset without authorization by issuing a GET to /v1/datasets without a valid authorization token. The associa...

7.5 CVSS · 7.5 AI score · 0.00199 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2025/03/20 10:9 a.m. · 40 views

CVE-2024-12216

The CVE-2024-12216 issue affects dmlc/gluon-cv 0.10.0, specifically ImageClassificationDataset.from_csv(). The vulnerability arises because tar.gz files downloaded from URLs are extracted without proper sanitization, enabling TarSlip via path traversal or faked symlinks to overwrite arbitrary fil...

7.1 CVSS · 7 AI score · 0.00088 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/03/20 12:0 a.m. · 3 views

PT-2025-12033 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version latest
Description: The issue allows an attacker to view the content of any dataset without authorization by sending a GET request to the "/v1/datasets" endpoint without a valid authorization token.
Recommendations: F...

7.5 CVSS · 7.4 AI score · 0.00199 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2025/03/20 12:0 a.m. · 3 views

PT-2025-12052

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version git d4ec6a3
Description: The issue is related to a local file inclusion vulnerability due to the use of the gradio component gr.JSON. This vulnerability allows unauthenticated users to access arbitrary files...

6.5 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits: 1 · References: 4
Circl
added 2025/02/27 8:56 p.m. · 3 views

CVE-2025-1745

creationtimestamp | type | source
---|---|---
2025-02-27 20:56:16+00:00 | seen | https://t.me/cvedetector/19071
2025-08-22 14:52:22+00:00 | seen | MISP/24306fae-b16b-4478-9297-d2973cdb583c
...

5.3 CVSS · 4.5 AI score · 0.00119 EPSS
Exploits: 1 · References: 1
OSV
added 2025/02/06 5:15 p.m. · 1 views

CVE-2024-39272

A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...

8.2 CVSS · 5.8 AI score
Exploits: 0 · References: 2
Vulnrichment
added 2025/02/06 4:47 p.m. · 5 views

CVE-2024-39272

A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...

9 CVSS · 8.7 AI score · 0.00635 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/06 4:46 a.m. · 4 views

CVE-2021-37650

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8 CVSS · 7.2 AI score · 0.00014 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/06 12:0 a.m. · 2 views

PT-2025-5836 · Unknown · Clearml Enterprise Server

Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533
Description: A cross-site scripting (XSS) issue exists in the dataset upload functionality. A specially crafted HTTP request can lead to arbitrary HTML code execution. An attacker can send a series ...

9 CVSS · 6 AI score · 0.00635 EPSS
Exploits: 0 · References: 5
Talos
added 2025/02/06 12:0 a.m. · 4 views

ClearML dataset upload XSS vulnerability

Talos Vulnerability Report TALOS-2024-2110
ClearML dataset upload XSS vulnerability
February 6, 2025
CVE Number: CVE-2024-39272
SUMMARY
A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can...

9 CVSS · 5.5 AI score · 0.00635 EPSS
Exploits: 0