Submit #795166: Anuj Kumar Beauty Parlour Management System 1.1 SQL Injection [Duplicate]
Submit #795166 / VDB-309059
Aggregator
113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
2 months 1 week ago
MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users. MyLovely.AI allows people to create personalized not safe for work (NSFW) content and engage in real-time conversations with AI-generated companions, often involving highly personal prompts and interactions. According to Have I Been Pwned, the breach exposed email addresses, user-created prompts, links to the resulting AI-generated images, and a limited number of social media profiles, including Discord and X usernames. Based on … More →
The post 113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs appeared first on Help Net Security.
Sinisa Markovic
Submit #794658: codeastro Online Classroom V1.0 SQL Injection [Accepted]
2 months 1 week ago
Submit #794658 / VDB-356566
hackint
Submit #794657: codeastro Online Classroom V1.0 SQL Injection [Duplicate]
2 months 1 week ago
Submit #794657 / VDB-355348
hackint
Akira
2 months 1 week ago
You must login to view this content
cohenido
Akira
2 months 1 week ago
You must login to view this content
cohenido
Akira
2 months 1 week ago
You must login to view this content
cohenido
Masjesu botnet targets IoT devices while evading high-profile networks
2 months 1 week ago
Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Masjesu is a stealthy botnet active since 2023, advertised as a DDoS-for-hire service. It targets IoT devices like routers and gateways, spanning multiple architectures. Designed for persistence, it executes carefully, avoiding high-profile IP ranges […]
Pierluigi Paganini
When All Else Fails: PowerShell Reflective Assembly Loading
2 months 1 week ago
by Ian Briley Sometimes an older trick is the only trick that will work for you on an engagement. Case in point, recently I was on an engagement, where if […]
Red Siege
Tool – EyeWitness
2 months 1 week ago
by Jason Downey EyeWitness: Because Nobody Has Time to Visit 500 URLs Every pentest has that moment during recon where you’ve got a list of web servers a mile long […]
Red Siege
When attackers already have the keys, MFA is just another door to open
2 months 1 week ago
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]
Sponsored by Token
Хакеры стали работать быстрее вашей техподдержки. На полный захват сети у них теперь уходит меньше суток
2 months 1 week ago
Даже минутная задержка теперь приводит к непоправимым последствиям.
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
2 months 1 week ago
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
2 months 1 week ago
LayerX researchers have discovered how to bypass Claude Code’s safety rules using the CLAUDE.md file. This exploit allows…
Deeba Ahmed
APT73
2 months 1 week ago
You must login to view this content
cohenido
别让低效率的 AI成为你技术进阶的精神枷锁
2 months 1 week ago
作为一名技术研究者,我们最宝贵的资产是什么?不是多少行代码,也不是多少篇论文,而是那份能够心无旁骛、深挖逻辑的“深度专注力”。
但最近,我发现一种新型的“技术焦虑”正在蔓延。
这种焦虑并非源于技术的壁垒,而是源于一种无意义的、循环往复的“低水平试错”。当你试图用一个逻辑能力不足的免费模型去解决复杂的技术难题时,你会陷入一种可怕的怪圈:输入指令 $\rightarrow$ 等待输出 $\rightarrow$ 发现逻辑错误 $\rightarrow$ 调整 Prompt $\rightarrow$ 再次等待 $\rightarrow$ 依然失败。
这种“在等待中产生的焦虑”极其消耗人。你以为你在利用 AI 提效,实际上你是在用昂贵的认知带宽,去填补一个低级工具带来的逻辑鸿沟。每一分钟在反复修改 Prompt 上的挣扎,都是一种严重的内耗,它在无形中磨损你的创造力,让你从“研究者”退化成了“提示词修理工”。
真正的“格局打开”,是TMD学会识别并拒绝这种无效的沉没成本。
我们要意识到,时间才是最昂贵的变量,而工具的订阅费只是极小的常数。当你通过支付一笔微小的订阅费用,换取一个逻辑严密、指令遵循度极高的顶尖模型时,你买到的不仅仅是更准确的回答,更是买回了那个可以自由思考、不再被琐碎试错打断的“专注时空”。
停止在廉价的工具里寻找效率的幻觉。升级你的工具链,把精力留给真正具有挑战性的架构设计和算法突破。拒绝内耗,从给自己的生产力工具“升舱”开始。
感谢我的老婆,我的格局已经打开!
CVE-2023-2833 | ReviewX Plugin up to 1.6.13 on WordPress Usermeta Update privileges management
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in ReviewX Plugin up to 1.6.13 on WordPress. This vulnerability affects unknown code of the component Usermeta Update Handler. This manipulation causes improper privilege management.
This vulnerability is tracked as CVE-2023-2833. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2023-2303 | vcita Contact Form and Calls to Action Plugin up to 2.6.4 on WordPress cross-site request forgery
2 months 1 week ago
A vulnerability was found in vcita Contact Form and Calls to Action Plugin up to 2.6.4 on WordPress. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery.
This vulnerability is referenced as CVE-2023-2303. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2023-2406 | vcita Event Registration Calendar Plugin up to 1.3.1/3.9.1 on WordPress cross site scripting
2 months 1 week ago
A vulnerability categorized as problematic has been discovered in vcita Event Registration Calendar Plugin up to 1.3.1/3.9.1 on WordPress. The affected element is an unknown function. Such manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2023-2406. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2023-2405 | vcita CRM and Lead Management Plugin up to 2.6.2 on WordPress cross-site request forgery
2 months 1 week ago
A vulnerability identified as problematic has been detected in vcita CRM and Lead Management Plugin up to 2.6.2 on WordPress. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery.
This vulnerability is cataloged as CVE-2023-2405. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com