Lucene search
K

5 matches found

Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.6 views

LLM-Enabled Open-Source Systems in the Wild: An Empirical Study of Vulnerabilities in GitHub Security Advisories

Large language models LLMs are increasingly embedded in open-source software OSS ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it remains unclear whether traditional vulnerability disclosure...

6AI score
Exploits0
OSV
OSV
added 2025/03/14 7:55 p.m.8 views

GHSA-R8GC-QC2C-C7VH Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Description: The secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...

5.4CVSS6.7AI score0.00178EPSS
Exploits0References5
OSV
OSV
added 2024/11/18 11:48 p.m.8 views

GHSA-G85V-WF27-67XC Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

Summary Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of...

8.8CVSS6.8AI score0.02684EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/11/18 11:48 p.m.36 views

Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

Summary Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of...

8.8CVSS7.4AI score0.02684EPSS
Exploits0References10Affected Software1
Wallarm Lab
Wallarm Lab
added 2022/11/10 1:0 p.m.23 views

Q3-2022 API ThreatStats™ Report

The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it was smooth sailing for the state of API vulnerabilities in Q3—or was it just a lull in the storm? As it turns out, it’s neither. Read on to learn more about Wallarm’s analysis o...

7.6AI score
Exploits0
Rows per page
Query Builder