Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection

We show that LoRA adapters, the dominant distribution format for fine-tuned LLMs, can be reliably backdoored through training data poisoning while preserving baseline task performance. On a Qwen 2.5 1.5B prompt-injection classifier, a small fraction of poisoned examples drives a...

EUVD-2022-25204

Malicious code in bioql PyPI...

CVE-2022-1935

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when I...

Towards Dataset Copyright Evasion Attack against Personalized Text-To-Image Diffusion Models

Text-to-image T2I diffusion models have rapidly advanced, enabling high-quality image generation conditioned on textual prompts. However, the growing trend of fine-tuning pre-trained models for personalization raises serious concerns about unauthorized dataset usage. To combat this, dataset...

CVE-2022-1935

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when I...

CVE-2022-1935

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when I...

CVE-2022-1935

CVE-2022-1935 is an incorrect authorization vulnerability in GitLab EE where an attacker with a valid Project Trigger Token can misuse it from any location, bypassing IP restrictions. Affected releases include: 12.0–14.9.4; 14.10.0–14.10.3; 15.0.0. Remediation (per sources) is to upgrade to: 14.9...

CVE-2022-1935

Removed by vendor...

CVE-2022-1935

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when I...

PT-2022-3034 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 12.0 through 14.9.4 GitLab Enterprise Edition versions 14.10.0 through 14.10.3 GitLab Enterprise Edition versions 15.0.0 Description: The issue is related to incorrect authorization in GitLab Enterprise...

Python Utility Bot 安全漏洞

Python Utility Bot is a community bot developed specifically for the Discord community. A security vulnerability exists in Python Utility Bot that stems from a token filter not triggering when an un-blacklisted URL and a trigger filter token are included in the same message in the affected versio...

FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)

Gitlab reports : GitHub Integration SSRF Trigger Token Impersonation Build Status Disclosure SSRF Mitigation Bypass Information Disclosure New Issue ID IDOR Label Name Enumeration Persistent XSS Wiki Pages User Revokation Bypass with Mattermost Integration Arbitrary File Upload via Import Project...