A malicious gguf model can lead to DoS due to unchecked null pointer dereference via network

This report is not public...

SSRF via POST /internal/models/download and GET /view REST APIs

This report is not public...

Stored XSS in Confluence Data Center and Server

This High severity Stored XSS vulnerability was introduced in version 3.0 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

Theft of CIA's "Vault Seven" Hacking Tools Due to Its Own Lousy Security

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach -- allegedly committed by a CIA employee -- was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release...

Theft of CIA's 'Vault 7' Secrets Tied to 'Woefully Lax" Security

A just-released report on the 2016 Central Intelligence Agency CIA data breach, which led to the Vault 7 document dump on WikiLeaks, blames “woefully lax” security by the nation’s top spy agency. The conclusions were part of an internal 2017 Department of Justice DoJ report on the CIA breach. On...