225 matches found
CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system allows attackers to circumvent existing security restrictions.
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
The vulnerability of the software client service for Cisco WebEx Meetings allows a perpetrator to compromise the integrity of the protected information.
The vulnerability of Cisco Webex Meetings software client services relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information...
The vulnerability of the UrlMon component in Windows operating systems allows attackers to circumvent existing security restrictions.
The vulnerability of the UrlMon component in Windows operating systems relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...
Defending against Indirect Prompt Injection by Instruction Detection
The integration of Large Language Models LLMs with external sources is becoming increasingly common, with Retrieval-Augmented Generation RAG being a prominent example. However, this integration introduces vulnerabilities of Indirect Prompt Injection IPI attacks, where hidden instructions embedded...
Enhancing Vulnerability Reports with Automated and Augmented Description Summarization
Public vulnerability databases, such as the National Vulnerability Database NVD, document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to...
The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the fact that they allow the loading of unreliable external data alongside reliable data. This allows attackers to circumvent existing security restrictions.
The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling when processing queries. An attacker can smuggle another query packet into the connection stream by using a large, uncompressed malicious external data. Note: This is only exploitable if the attacker controls the...
SUSE CVE-2025-1386
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386 Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386 Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386
CVE-2025-1386 concerns the ch-go library from github.com/ClickHouse/ch-go. The issue is a vulnerability in which, under a specific condition where a query includes large, uncompressed external data, an attacker who controls that data can smuggle another query packet into the same connection strea...
ClickHouse 环境问题漏洞
ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that originates when a query contains large uncompressed malicious external data, which allows an...
The vulnerability of the Untrusted Project Mode feature in the JetBrains WebStorm integrated development environment allows a hacker to execute arbitrary code.
The vulnerability of the Untrusted Project Mode feature in the JetBrains WebStorm integrated development environment involves loading unreliable external data alongside reliable data. Exploiting this vulnerability allows an attacker to execute arbitrary code...
GHSA-R4V4-W9PV-6FPH OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...