Aggregator

A vulnerability classified as critical has been found in significant-gravitas autogpt up to 0.2.0. Affected is the function GithubListPullRequestsBlock/GithubReadPullRequestBlock/GithubAssignPRReviewerBlock/GithubListPRReviewersBlock/GithubUnassignPRReviewerBlock/GithubCommentBlock/GithubMakeIssueBlock/GithubReadIssueBlock/GithubListIssuesBlock/GithubAddLabelBlock/GithubRemoveLabelBlock/GithubListBranchesBlock/ExtractWebsiteContentBlock of the component Service API. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-10457. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mlflow up to 2.18.x. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to weak password requirements. The identification of this vulnerability is CVE-2025-1474. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in berriai litellm 1.44.9/1.44.12/1.53.1. It has been declared as critical. This vulnerability affects unknown code of the file /users/list. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-0628. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in parisneo lollms-webui. It has been classified as problematic. This affects an unknown part. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2025-1451. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in eosphoros-ai db-gpt on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the file /v1/agent/hub/update. The manipulation of the argument plugin_repo_name leads to file inclusion. This vulnerability is known as CVE-2025-0452. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in man-group dtale up to 3.16.0 and classified as critical. Affected by this issue is the function enable_custom_filters of the component Setting Handler. The manipulation leads to command injection. This vulnerability is handled as CVE-2025-0655. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in significant-gravitas autogpt up to 0.3.x. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-1040. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in AWS sagemaker-python-sdk. This issue affects some unknown processing of the component SageMaker Workflow. The manipulation leads to expected behavior violation. The identification of this vulnerability is CVE-2025-0508. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in binary-husky gpt_academic. This vulnerability affects unknown code of the component manim Plugin. The manipulation leads to command injection. This vulnerability was named CVE-2024-10954. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in vanna-ai vanna. This affects the function read_csv/read_csv_auto/read_text/read_blob. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2024-8099. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in comfyanonymous comfyui up to 0.2.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /internal/models/download. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-12882. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in parisneo lollms-webui 13. It has been declared as critical. Affected by this vulnerability is the function forbid_remote_access of the file /api/proxy of the component REST API. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-12766. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in bentoml up to 1.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Request Handler. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-12759. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in berriai litellm up to 1.52.1 and classified as problematic. This issue affects some unknown processing of the file proxy_server.py of the component Langfuse API Key Handler. The manipulation leads to exposure of sensitive information through metadata. The identification of this vulnerability is CVE-2025-0330. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in ollama up to 0.3.14 and classified as problematic. This vulnerability affects the function ggufPadding of the component GGUF Model File Handler. The manipulation leads to divide by zero. This vulnerability was named CVE-2025-0317. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in gaizhenbiao ChuanhuChatGPT up to 20240914. This affects an unknown part. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2025-0191. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in aimhubio aim up to 3.25.0. Affected by this issue is some unknown functionality of the component Websocket Message Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2025-0189. The attack may be launched remotely. There is no exploit available.

Минцифры обсуждает послабления для сайтов объявлений.

尼安德特人被认为是食物链顶端的超级食肉动物，吃的肉和鬣狗和洞狮一样多。但根据一项新研究，人类的近亲可能吃了很多蛆虫。研究人员在 1991 年首次发现尼安德特人骨骼化石中氮 15 比例高于氮 14——这通常是高肉食饮食的标志。这表明尼安德特人比食肉的鬣狗和狮子更爱吃肉。但普渡大学的生物人类学家 Melanie Beasle 对此解释提出了异议。人类是不能像狮子那样吃太多肉的，人类主要吃素食，消化系统和代谢系统也是据此演化的。太多的蛋白质会使肝脏中充满氨，氨可能是有毒的，甚至是致命的。所以尼安德特人怎么可能比人类更擅长食肉？另一种解释是他们吃了含有蛆虫的腐肉。腐肉比鲜肉中的氮含量更高，因此可能提高了尼安德特人骨骼中的氮含量。

Third-party cybersecurity incidents are on the rise, but organizations face challenges in mitigating risks arising for the software supply chain, a survey of 200 chief information security officers (CISOs) has found.

The post CISO survey: 6 lessons to boost third-party cyber-risk management appeared first on Security Boulevard.