103 matches found

Positive Technologies
added 2024/08/04 12:00 a.m. · 5 views

PT-2024-37546 · Stitionai +1 · Devika +1

Name of the Vulnerable Software and Affected Versions: stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f; stitionai/devika up to version 1.0. Description: The issue concerns a Local File Read (LFI) vulnerability via Prompt Injection. It is caused by the integration of...

7.5 CVSS · 6.9 AI score · 0.00496 EPSS
Exploits 1 · References 6

Malwarebytes
added 2024/07/18 12:36 p.m. · 12 views

Gen Z breakups tainted by login abuse for spying and stalking, research shows

Breaking up is hard to do, but for younger Americans today, ending a romantic relationship requires more than a heart-to-heart conversation—it could also require protection against follow-on invasions of online privacy and security. According to a new analysis of research released earlier this...

7.4 AI score
Exploits 0

OSV
added 2024/07/04 5:10 a.m. · 7 views

MAL-2024-7142 Malicious code in @zitterorg/corporis-sit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e36f0a98dd5c0f7365932cf4eb944a50b21c8387e6130233e4bdda963ea6a81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

Microsoft Secure
added 2024/06/04 5:00 p.m. · 15 views

AI jailbreaks: What they are and how they can be mitigated

Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI models. As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used to...

7.4 AI score
Exploits 0

Openbugbounty
added 2024/04/05 6:09 a.m. · 5 views

harm-lessindiana.org Cross Site Scripting vulnerability OBB-3904018

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

OSV
added 2023/12/11 9:47 p.m. · 9 views

GHSA-W4X6-HH3X-WJRX Stale copy of the public suffix list

We have identified that this project contains an out-of-date version of the Public Suffix List https://publicsuffix.org/. We are carrying out research to identify the potential impacts of using old versions of the Public Suffix List, and we intend to publish our results in academic conferences an...

7 AI score
Exploits 0 · References 3

Wallarm Lab
added 2023/11/30 1:08 p.m. · 15 views

What Is The Cyber Kill Chain? Process & Model

Grasping the Fundamentals: A Study of the Cyber Harm Ladder Navigating the multifaceted universe of cybersecurity is similar to solving an evolving labyrinth. This world is awash with intricate principles and techniques; with the Cyber Harm Ladder gaining increasing focus in recent times. But, wh...

8.6 AI score
Exploits 0

BDU FSTEC
added 2023/11/14 12:00 a.m. · 5 views

The vulnerability of the `_bfd_coff_read_string_table` function in the coffgen.c component of the GNU Binutils development environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the `_bfd_coff_read_string_table` function in the coffgen.c component of the GNU Binutils development environment is related to the execution of operations outside the buffer. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its...

10 CVSS · 7 AI score · 0.01841 EPSS
Exploits 1 · References 6 · Affected Software 2

The Hacker News
added 2023/10/17 10:16 a.m. · 134 views

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers

A severe flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as CVE-2023-43261 (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X,...

9.1 CVSS · 8.6 AI score · 0.60113 EPSS
Exploits 11

RedhatCVE
added 2023/08/30 10:15 a.m. · 30 views

CVE-2023-4581

The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm...

6.1 CVSS · 6.8 AI score · 0.00495 EPSS
Exploits 0 · References 4

UbuntuCve
added 2023/08/30 12:00 a.m. · 32 views

CVE-2023-4581

Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2...

4.3 CVSS · 6.4 AI score · 0.00495 EPSS
Exploits 0 · References 3

Code423n4
added 2023/08/28 12:00 a.m. · 8 views

Attacker can profitable trade with the pool

Lines of code · Vulnerability details · Impact: The swap invariant used is unstable with large pool reserves locked. An attacker can generate a profit by trading with the pool, hurting Liquidity Providers. Proof of Concept: To find some vulnerable configurations we fuzzed the swap function of the Prote...

6.7 AI score
Exploits 0

OSV
added 2023/08/10 8:09 p.m. · 23 views

GHSA-HF7J-XJ3W-87G4 1Panel arbitrary file write vulnerability

Summary: An arbitrary file write vulnerability could lead to direct control of the server. Details: Arbitrary file creation. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form of a POST request, and the lack of parameter filtering...

7.5 CVSS · 8.6 AI score · 0.00698 EPSS
Exploits 1 · References 4

Malwarebytes
added 2023/07/26 1:00 a.m. · 9 views

Ransomware groups claim responsibility for double-attack on Yamaha

Music giant Yamaha's Canadian division has experienced a compromise on two different fronts, both related to ransomware. In an attack which has worrying echoes of the recent Estee Lauder attack, multiple attackers have claimed to breach the organisation. Yamaha Canada Music had the following to sa...

7 AI score
Exploits 0

BDU FSTEC
added 2023/07/20 12:00 a.m. · 2 views

The vulnerability of the drm_mode_setcrtc() function in the drivers/gpu/drm/drm_crtc.c file of the DRM driver for the Astra Linux Special Edition operating system allows a hacker to gain access to confidential data, compromise its integrity, and cause service failure.

The vulnerability of the drm_mode_setcrtc() function in the drivers/gpu/drm/drm_crtc.c file of the DRM driver for the Astra Linux Special Edition operating system is related to access and manipulation of dynamically allocated uninitialized memory. Exploiting this vulnerability could allow an attacker ...

8.8 CVSS · 5.5 AI score
Exploits 0 · References 1 · Affected Software 1

Schneier on Security
added 2023/06/01 11:17 a.m. · 14 views

On the Catastrophic Risk of AI

Earlier this week, I signed on to a short group statement, coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising t...

6.6 AI score
Exploits 0

Code423n4
added 2023/05/15 12:00 a.m. · 9 views

Inadequate checks for comptroller in PoolRegistry#addMarket allows malicious comptrollers to be added

Lines of code · Vulnerability details · Impact: Malicious comptrollers will be available in the protocol. Proof of Concept: The addMarket function only checks that the input.comptroller is not the 0 address, but does not check if the comptroller was actually created by the PoolRegistry contract. A...

6.7 AI score
Exploits 0

Exploit DB
added 2023/04/03 12:00 a.m. · 201 views

ChiKoi v1.0 - SQL Injection

Title: ChiKoi-1.0 SQLi Author: nu11secur1ty Date: 01.12.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi Description: The...

7.4 AI score
Exploits 0

Packet Storm
added 2023/01/12 12:00 a.m. · 276 views

ChiKoi 1.0 SQL Injection

Title: ChiKoi-1.0 SQLi Author: nu11secur1ty Date: 01.12.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi Description: The...

0.2 AI score
Exploits 0

Huntr
added 2023/01/03 8:43 a.m. · 116 views

XSS via upload pdf file

Description: Hi there, it's my pleasure to submit a report to you again to maintain the safety of the project. Most users can upload files in the module named 'Resources'. We can upload PDF files. But uploading malicious PDF files will cause an XSS vulnerability which will cause great harm to users of...

4.9 CVSS · 5.7 AI score · 0.00519 EPSS
Exploits 1