Open WebUI 访问控制错误漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Prior to Open WebUI 0.9.0, there was an access control vulnerability. This vulnerability stemmed from the /responses endpoint in the OpenAI router, which accepted any authenticated user and directly...

Information Exposure

org.springframework.ai, spring-ai-autoconfigure-model-transformers is vulnerable to information exposure. The vulnerability is due to improper isolation in a shared environment, which allows an attacker to access and retrieve the ONNX model used by the application...

From Model to Breach: Towards Actionable LLM-Generated Vulnerabilities Reporting

As the role of Large Language Models LLM-based coding assistants in software development becomes more critical, so does the role of the bugs they generate in the overall cybersecurity landscape. While a number of LLM code security benchmarks have been proposed alongside approaches to improve the...

CVE-2020-12859

Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...