CVE-2025-6101

A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function functionmessage of the file letta/letta/interface.py. The manipulation of the argument functionname/functionargs leads to improper neutralization of directives in dynamically evaluated...

Eval Injection

Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Eval Injection via the functionmessage process. An attacker can execute arbitrary code by manipulating the functionname or functionargs arguments. Remediation There is ...

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVE-2021-26120

Smarty before 3.1.39 allows code injection via an unexpected function name after a function name= substring...

ReCopilot: Reverse Engineering Copilot in Binary Analysis

Binary analysis plays a pivotal role in security domains such as malware detection and vulnerability discovery, yet it remains labor-intensive and heavily reliant on expert knowledge. General-purpose large language models LLMs perform well in programming analysis on source code, while...

UBUNTU-CVE-2024-58100

In the Linux kernel, the following vulnerability has been resolved: bpf: check changespktdata property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changespktdata property of the...

An Empirical Study on the Effectiveness of Large Language Models for Binary Code Understanding

Binary code analysis plays a pivotal role in the field of software security and is widely used in tasks such as software maintenance, malware detection, software vulnerability discovery, patch analysis, etc. However, unlike source code, reverse engineers face significant challenges in understandi...

CVE-2025-28032

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm paramet...

Malicious code in helper-function-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf8d6cfb517715467379abc5d1adf9a80f10c786f6473f2d30c9961cba2445b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AZL-54804 CVE-2024-56657 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

CVE-2024-56657 ALSA: control: Avoid WARN() for symlink errors

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

PT-2024-36966

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description A vulnerability in the Linux kernel has been resolved, related to the ALSA control, where the use of WARN for showing symlink creation errors was downgraded to dev err to avoid confusing fuzzer...

VulnCheck KEV: CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an information disclosure issue in the gpiodevicegetdesc function...

CVE-2024-26847

A flaw was found in the Linux Kernel. Wrong spelling in the RTAS function table can cause reverse lookups yo fail and warn 'unexpected failed lookup for token' due to function names being used for resetting TCE tables. Linux kernel errors are possible when lockdep is enabled or the RTAS tracepoin...

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree...

CVE-2024-26847

CVE-2024-26847 concerns the Linux kernel on POWER platforms where RTAS function names were spelled inconsistently. The PAPR-specified name is ibm,reset-pe-dma-windows, but firmware in practice used ibm,reset-pe-dma-window in the device tree. This mismatch caused reverse lookups (token -> name)...

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree...

Parse Server Injection Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in Parse Server before 6.5.5, 7.0.0-alpha.29, which stems from the fact that a call to an invalid Parse Server Cloud Function name or Cloud Job name can cause...

chai (=4.0.0-canary.1), chai-project (=1.0.0) +2 more potentially affected by CVE-2023-43646 via get-func-name (>=1.0.0 <=2.0.0)

get-func-name NPM version =1.0.0, =1.0.1, =1.0.0, =1.0.4 Source cves: CVE-2023-43646 Source advisory: OSV:GHSA-4Q6P-R6V2-JVC5...