Lucene search
K

310 matches found

CVE
CVE
added 2025/09/02 11:30 a.m.9 views

CVE-2025-52551

CVE-2025-52551 concerns Copeland E2 Facility Management Systems, where a proprietary protocol permits unauthenticated file operations on any file in the file system. The CVSS-based assessment in the initial record indicates a critical impact (high confidentiality, integrity, and availability impa...

9.3CVSS6.5AI score0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.5 views

Copeland E2 Facility Management Systems 安全漏洞

Copeland E2 Facility Management Systems is an industrial facility control system from Copeland Corporation. A security vulnerability exists in Copeland E2 Facility Management Systems that stems from improper handling of proprietary protocols, which could lead to unauthorized file manipulation...

9.3CVSS6.6AI score0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.5 views

PT-2025-35560

Name of the Vulnerable Software and Affected Versions: E2 Facility Management Systems affected versions not specified Description: E2 Facility Management Systems utilizes a proprietary protocol that permits unauthenticated file operations on any file within the file system. Recommendations: At th...

9.3CVSS6.3AI score0.00324EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/08/16 12:0 a.m.5 views

Mitigating Jailbreaks with Intent-Aware LLMs

Despite extensive safety-tuning, large language models LLMs remain vulnerable to jailbreak attacks via adversarially crafted instructions, reflecting a persistent trade-off between safety and task performance. In this work, we propose Intent-FT, a simple and lightweight fine-tuning approach that...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2025/08/05 6:23 p.m.14 views

AWS VDP: AWS | Self Registration Internal LibreChat : Access to internal/proprietary LLMs

Issue Summary A LibreChat endpoint/UI is found to be accessible to the public Internet, with self registration for any non AWS/Amazon Corporate domains enabled, allowing an attacker to use a ChatGPT like UI to access multiple public models Example : Claude with the API access it has enabled, as...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/06/29 12:0 a.m.5 views

PT-2025-39733

Name of the Vulnerable Software and Affected Versions llama-index-core versions through 0.12.44 Description The software has an issue in the get cache dir function due to the use of a predictable, hardcoded directory path /tmp/llama index on Linux systems without sufficient security measures. Thi...

7.3CVSS7AI score0.00134EPSS
Exploits0References14
Redos
Redos
added 2025/06/16 12:0 a.m.3 views

ROS-20250616-11

A vulnerability in the Moodle virtual learning environment is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. information Vulnerability of moodle virtual learning environment is...

7.5CVSS5.3AI score0.00337EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/24 3:59 p.m.16 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3CVSS7.1AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.12 views

CVE-2022-29957

The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...

7.8CVSS7AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 2025/05/22 3:22 p.m.63 views

CVE-2025-2506

CVE-2025-2506 affects pglogical 3.x (proprietary to EDB) with integration into BDR/PGD 4/5. The issue arises when pglogical attempts replication without verifying it is on a replication connection, enabling a user with CONNECT on a replication-configured database to run pglogical commands and rea...

5.3CVSS5.4AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 3:22 p.m.7 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3CVSS5.4AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/22 3:22 p.m.16 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3CVSS0.00266EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/05/22 3:22 p.m.8 views

CVE-2025-2506

When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it...

5.3CVSS5.5AI score0.00266EPSS
Exploits0
CISA
CISA
added 2025/05/22 12:0 p.m.5 views

New Best Practices Guide for Securing AI Data Released

Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role...

7.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:17 a.m.8 views

CVE-2019-14238

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection PCROP a software IP protection method can be defeated with a debug probe via the Instruction Tightly Coupled Memory ITCM bus...

6.6CVSS7.1AI score0.00401EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 a.m.5 views

CVE-2019-14236

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection PCROP a software IP protection method can be defeated by observing CPU registers and the effect of code/instruction execution...

9.8CVSS7.1AI score0.02261EPSS
Exploits1References1
Wallarm Lab
Wallarm Lab
added 2025/05/15 6:31 a.m.14 views

Developer Leaks API Key for Private Tesla, SpaceX LLMs

In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemi...

7.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.11 views

TorchServe script references S3 bucket without ensuring ownership or confirming accessibility

In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

6.3CVSS6.8AI score0.00362EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve

In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

6.3CVSS6.5AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/16 1:15 p.m.8 views

CVE-2025-27594

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

7.5CVSS7.3AI score0.00434EPSS
Exploits0References9
Rows per page
Query Builder