9 matches found
SkillGuard: A Permission Framework for Agent Skills
Agent skills extend LLM agents with reusable instructions, scripts, tool bindings, and contextual dependencies. However, current skill ecosystems largely rely on trust-based loading and static inspection, leaving a gap between what a skill can inject into an agent's context and what it can cause...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect labeling of the mtkgate structure in the Mediatek clock-gated driver as initconst...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the issue of reusing a freed link stream after the sndpcmdrain function in ALSA pcm is released...
Missing Authentication for Critical Function
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the WHITELISTURLS configuration, which allows unauthenticated access to privileged endpoints under /api/v1/nvidia-nim/. An attacker can obtain valid NVIDIA A...
OpenClaw: Sandboxed sessions_spawn(runtime="acp") bypassed sandbox inheritance and allowed host ACP initialization
Summary Sandboxed sessionsspawnruntime="acp" could bypass sandbox inheritance and initialize host-side ACP runtime. The fix now fail-closes ACP spawn from sandboxed requester sessions and rejects sandbox="require" for runtime="acp". Affected Packages / Versions - Package: openclaw npm - Latest...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
NVIDIA GPU 安全漏洞
Nvidia Gpu is a graphics processing unit from the American company Nvidia. It is used in machine learning, video editing and gaming applications. A security vulnerability exists in NVIDIA GPUs and Tegra hardware that originates from a user with elevated privileges accessing debug registers at...
Server-Side Template Injection
pebble is vulnerable to server-side template injection. The fix for an older vulnerability that validates for getClass can be bypassed to inject arbitrary code through the template using the java.lang.Class.forNamejava.lang.Module,java.lang.String signature, resulting in access to java.lang.Runti...