310 matches found
CVE-2025-52551
CVE-2025-52551 concerns Copeland E2 Facility Management Systems, where a proprietary protocol permits unauthenticated file operations on any file in the file system. The CVSS-based assessment in the initial record indicates a critical impact (high confidentiality, integrity, and availability impa...
Copeland E2 Facility Management Systems 安全漏洞
Copeland E2 Facility Management Systems is an industrial facility control system from Copeland Corporation. A security vulnerability exists in Copeland E2 Facility Management Systems that stems from improper handling of proprietary protocols, which could lead to unauthorized file manipulation...
PT-2025-35560
Name of the Vulnerable Software and Affected Versions: E2 Facility Management Systems affected versions not specified Description: E2 Facility Management Systems utilizes a proprietary protocol that permits unauthenticated file operations on any file within the file system. Recommendations: At th...
Mitigating Jailbreaks with Intent-Aware LLMs
Despite extensive safety-tuning, large language models LLMs remain vulnerable to jailbreak attacks via adversarially crafted instructions, reflecting a persistent trade-off between safety and task performance. In this work, we propose Intent-FT, a simple and lightweight fine-tuning approach that...
AWS VDP: AWS | Self Registration Internal LibreChat : Access to internal/proprietary LLMs
Issue Summary A LibreChat endpoint/UI is found to be accessible to the public Internet, with self registration for any non AWS/Amazon Corporate domains enabled, allowing an attacker to use a ChatGPT like UI to access multiple public models Example : Claude with the API access it has enabled, as...
PT-2025-39733
Name of the Vulnerable Software and Affected Versions llama-index-core versions through 0.12.44 Description The software has an issue in the get cache dir function due to the use of a predictable, hardcoded directory path /tmp/llama index on Linux systems without sufficient security measures. Thi...
ROS-20250616-11
A vulnerability in the Moodle virtual learning environment is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. information Vulnerability of moodle virtual learning environment is...
CVE-2025-2506
When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...
CVE-2022-29957
The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...
CVE-2025-2506
CVE-2025-2506 affects pglogical 3.x (proprietary to EDB) with integration into BDR/PGD 4/5. The issue arises when pglogical attempts replication without verifying it is on a replication connection, enabling a user with CONNECT on a replication-configured database to run pglogical commands and rea...
CVE-2025-2506
When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...
CVE-2025-2506
When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...
CVE-2025-2506
When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...
New Best Practices Guide for Securing AI Data Released
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role...
CVE-2019-14238
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection PCROP a software IP protection method can be defeated with a debug probe via the Instruction Tightly Coupled Memory ITCM bus...
CVE-2019-14236
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection PCROP a software IP protection method can be defeated by observing CPU registers and the effect of code/instruction execution...
Developer Leaks API Key for Private Tesla, SpaceX LLMs
In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemi...
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve
In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...
CVE-2025-27594
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...