AI大模型安全漏洞预警!Langflow高危远程代码执行漏洞(CVE-2025-3248)
4月6日,Goby安全团队检测发现,AI大模型开源项目 Langflow-ai github issue 提交了一个关于代码注入漏洞反馈(当前该issue已关闭), 攻击者可以通过向特定端点发送精心构造的HTTP请求,执行任意代码。
A moderate-severity vulnerability has been identified in Microsoft Identity Web. Under specific conditions, it could potentially expose sensitive client secrets and certificate information in service logs. The flaw, tracked as CVE-2025-32016, impacts versions 3.2.0 through 3.8.1 of the library and has prompted an urgent advisory from Microsoft. The vulnerability affects Microsoft.Identity.Web, a widely used NuGet […]
The post Microsoft Identity Web Package Vulnerability Exposes Client Secrets & Certificate Information appeared first on Cyber Security News.