CVE-2025-53002 LLaMA-Factory Remote Code Execution (RCE) Vulnerability

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that can be exploited by attackers to cause a system crash...

BIT-MONGODB-2021-32039 MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code includi...

Use-After-Free

squid is vulnerable to Use-After-Free. The vulnerability occurs due to a HTTP Collapsed Forwarding configuration allowing malicious attackers to crash the Squid process, leading to a denial-of-service DoS...

Path Traversal

thunderbird is vulnerable to Path Traversal. This vulnerability arises due to an incorrect parsing of relative URLs starting with three slashes, enabling malicious attackers to inject "../" sequences and navigate outside the intended directory...

Use-After-Free

vim is vulnerable to Use-After-Free. The vulnerability occurs when closing windows due to a memory access issue resulting in malicious attackers being able to crash the application or potentially even gain control of the system...

QEMU Buffer Overflow Vulnerability (CNVD-2022-84156)

QEMU Quick Emulator is a set of emulation processor software by Fabrice Bellard, a French personal developer. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from a lack of validation of the input data size or length in the readerstrecord and...

GHSA-PJ2C-H76W-VV6F tiny-csrf has openly visible CSRF tokens

Impact Weak encryption on CSRF so tokens can be read by malicious attackers. Patches Problems have been patched as of v1.1.0 Workarounds Upgrade to v1.1.0 References https://cheatsheetseries.owasp.org/cheatsheets/Cross-SiteRequestForgeryPreventionCheatSheet.html For more information Submit an iss...

Google TensorFlow 安全漏洞

Tensorflow is an open source machine learning framework. a denial-of-access vulnerability exists in TensorFlow, which can be exploited by attackers to launch a denial-of-service attack against a target...

Insecure Session Management

pterodactyl/panel is vulnerable to insecure session management. The vulnerability exists in handle function in the AuthenticateKey.phpfile, allowing malicious attackers to compromises the API key generation and log in to the system...

CVE-2020-15208

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

March 2020 security updates are available

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. The post March 2020...

March 2020 security updates are available

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

March 2020 security updates are available

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide...

January 2020 security updates are available!

We have released the January security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

December 2019 security updates are available

We have released the December security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

December 2019 security updates are available

We have released the December security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

October 2019 security updates are available!

We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

October 2019 security updates are available!

We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder,...

August 2019 Security Updates

We have released the August security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windo...