Do Skill Descriptions Tell the Truth? Detecting Undisclosed Security Behaviors in Code-Backed LLM Skills

Programmatic skills in LLM ecosystems consist of a natural-language description and executable implementation files. Users and LLMs rely on the description to understand the skill's scope. However, the implementation may perform security-relevant operations, such as credential access, network...

Jenkins plugin Eggplant Runner 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

GHSA-4WR9-2XC6-JMG5 Session fixation vulnerability in Jenkins

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. This vulnerability was introduced in Jenkins 2.266 and LTS 2.277.1. Jenkins 2.300, LTS 2.289.2...

CVE-2016-5542

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries...

Mozilla Browser 0.8/0.9/1.x Refresh Security Property Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10796/info Mozilla and Firefox may permit malicious Web pages to spoof security properties of a trusted site. An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting...

Mozilla Browser 0.80.91.x - Refresh Security Property Spoofing

Mozilla Browser 0.80.91.x - Refresh Security Property Spoofing source: https://www.securityfocus.com/bid/10796/info Mozilla and Firefox may permit malicious Web pages to spoof security properties of a trusted site. An attacker can exploit this issue to spoof the URI and SSL certificate of a site...