Aggregator

2 weeks 1 day ago

A vulnerability was found in Microsoft Internet Explorer 11 and classified as critical. The affected element is an unknown function of the component Scripting Engine. Such manipulation leads to memory corruption. This vulnerability is documented as CVE-2020-1380. The attack can be executed remotely. Additionally, an exploit exists. A patch should be applied to remediate this issue.

vuldb.com

CVE-2024-23557 | HCL Connections 7.0/8.0 information disclosure (KB0112488)

2 weeks 1 day ago

A vulnerability classified as problematic has been found in HCL Connections 7.0/8.0. This affects an unknown function. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2024-23557. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2024-30107 | HCL Connections 7.0/8.0 information disclosure (KB0112489)

2 weeks 1 day ago

A vulnerability was found in HCL Connections 7.0/8.0. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-30107. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-5411 | ORing IAP-420 up to 2.01e Web Interface command injection

2 weeks 1 day ago

A vulnerability was found in ORing IAP-420 up to 2.01e. It has been classified as critical. The impacted element is an unknown function of the component Web Interface. This manipulation causes command injection. This vulnerability appears as CVE-2024-5411. The attack may be initiated remotely. In addition, an exploit is available.

vuldb.com

CVE-2024-5410 | ORing IAP-420 up to 2.01e Web Interface cross site scripting

2 weeks 1 day ago

A vulnerability was found in ORing IAP-420 up to 2.01e. It has been declared as problematic. This affects an unknown function of the component Web Interface. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-5410. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2020-1464 | Microsoft Windows up to Server 2019 File Signature signature verification (EUVD-2020-12339)

2 weeks 1 day ago

A vulnerability, which was classified as critical, has been found in Microsoft Windows. This impacts an unknown function of the component File Signature Handler. Performing manipulation results in improper verification of cryptographic signature. This vulnerability is identified as CVE-2020-1464. The attack is only possible with local access. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.

vuldb.com

CVE-2020-17144 | Microsoft Exchange Server 2010 SP3 Update Rollup 31 code injection

2 weeks 1 day ago

A vulnerability classified as critical was found in Microsoft Exchange Server 2010 SP3 Update Rollup 31. Affected by this vulnerability is an unknown functionality. Such manipulation leads to code injection. This vulnerability is traded as CVE-2020-17144. The attack may be launched remotely. Furthermore, there is an exploit available. Applying a patch is advised to resolve this issue.

vuldb.com

CVE-2020-1472 | Oracle ZFS Storage Appliance Kit 8.8 Operating System Image privileges management (EDB-49071 / Nessus ID 236653)

2 weeks 1 day ago

A vulnerability classified as very critical has been found in Oracle ZFS Storage Appliance Kit 8.8. This issue affects some unknown processing of the component Operating System Image. This manipulation causes improper privilege management. This vulnerability appears as CVE-2020-1472. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-3575 | mindsdb cross site scripting

2 weeks 1 day ago

A vulnerability was found in mindsdb and classified as problematic. This issue affects some unknown processing. The manipulation results in cross site scripting. This vulnerability is known as CVE-2024-3575. It is possible to launch the attack remotely. No exploit is available.

vuldb.com

SCPGA：自认同CoT渐进式泛化攻击

2 weeks 1 day ago

《SCPGA：自认同CoT渐进式泛化攻击》由萨塞克斯大学何润培提出，揭示了一种新型大模型越狱技术。该方法利用模型间思维链（CoT）的兼容性，通过“种子诱导—强CoT生成—恶意嵌套”流程，实现跨模型、跨主题的自动化攻击。实验显示，SCPGA对Gemini 2.5 Pro、Qwen3等主流模型越狱成功率高达94%–97%，并可引发内容安全、工具滥用、系统泄露等多类风险。文章进一步提出基于微调审核模型的轻量防御方案，为LLM安全防护提供了新思路。

Akira

Dark Feed IO

2 weeks 1 day ago

You must login to view this content

cohenido

ReCopilot：基于大模型的二进制逆向工程助手

2 weeks 1 day ago

《ReCopilot：基于大模型的二进制逆向工程助手》由奇安信技术研究院陈国强提出，旨在构建专用于二进制代码分析的领域大模型。ReCopilot通过预训练、指令微调与偏好对齐，显著提升函数名恢复、变量识别、结构体推断等任务效果，在多项评测中超越通用大模型。其进一步发展的ReCopilot-Agent具备代码检索、路径分析与漏洞链重构能力，展示了在真实固件漏洞挖掘中的自动化潜力，推动二进制分析向智能化、低门槛方向发展。

小鼠研究显示头发在 20 天内完全再生

Solidot

2 weeks 1 day ago

根据发表在《Cell Metabolism》期刊上的一项研究，小鼠实验显示头发能在 20 天内完全再生。这一突破为未来治愈脱发带来了希望，值得注意的是小鼠的头发周期比人类短得多，因此小鼠的结果能否在人类身上再现还有待观察。研究是基于毛囊再生的内部机制。当皮肤受伤或受到轻微刺激，免疫细胞会进入皮下脂肪组织发出信号促使脂肪细胞释放单不饱和脂肪酸。脂肪酸为毛囊干细胞提供营养，使其充满活力，促进新发生长。研究人员没有采用刺激疗法，而是直接使用了一种含有这些脂肪酸的精华液。

大模型供应链安全的熵增效应：风险挖掘与熵减策略

2 weeks 1 day ago

《大模型供应链安全的熵增效应：风险挖掘与熵减策略》由vivo大模型安全工程师戎誉、凡浩撰写，从信息论“熵”概念切入，系统分析了大模型供应链因规模扩张、依赖复杂和攻击面扩大所带来的安全风险。文章结合真实漏洞案例（如Megatron-LM、ms-swift等），揭示了训练数据投毒、模型恶意植入、推理框架漏洞等关键威胁，并提出AI-BOM资产管理、动静结合检测、社区协同响应等熵减策略，呼吁构建安全可控的低熵模型生态。

Qilin

Dark Feed IO

2 weeks 1 day ago

You must login to view this content

cohenido

利用大模型辅助自动化BYOVD驱动漏洞挖掘

2 weeks 1 day ago