113 matches found
Advancing Honeywords for Real-World Authentication Security
Introduced by Juels and Rivest in 2013, Honeywords, which are decoy passwords stored alongside a real password, appear to be a proactive method to help detect password credentials misuse. However, despite over a decade of research, this technique has not been adopted by major authentication...
EUVD-2023-43205
Malicious code in bioql PyPI...
EUVD-2023-43201
Malicious code in bioql PyPI...
EUVD-2023-43202
Malicious code in bioql PyPI...
EUVD-2023-43203
Malicious code in bioql PyPI...
EUVD-2022-24413
Malicious code in bioql PyPI...
EUVD-2022-34606
Malicious code in bioql PyPI...
EUVD-2023-43204
Malicious code in bioql PyPI...
EUVD-2022-34801
Malicious code in bioql PyPI...
EUVD-2022-34604
Malicious code in bioql PyPI...
Five Uncomfortable Truths About LLMs in Production
Many tech professionals see integrating large language models (LLMs) as a simple process: just connect an API and let it run. At Wallarm, our experience has proved otherwise. Through rigorous testing and iteration, our engineering team uncovered several critical insights about deploying LLMs secure...
LM-Scout: Analyzing the Security of Language Model Integration in Android Apps
Developers are increasingly integrating Language Models (LMs) into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input length, and allowed topics. However, if the LM integration...
CVE-2022-1069
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-1748
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability...
CVE-2022-1373
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file...
CVE-2022-2335
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2337
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...
CVE-2022-2334
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22...
CVE-2022-2336
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as admin and password as admin. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the...
CVE-2022-2547
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...