Aggregator

INC

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

vLLM pickle反序列化漏洞详细分析

先知技术社区
3 months 2 weeks ago
漏洞描述CVE-2025-47277 是 vLLM 项目中的一个 远程代码执行(RCE)漏洞,源于其使用PyNcclPipe模块时,未经验证地反序列化来自网络的数据,攻击者可通过构造恶意 pickle 数据包,在服务器端执行任意代码。该漏洞严重性等级为 Critical。影响范围条件说明影响版本vLLM >= 0.6.5 且 < 0.8.5影响模块VLLMEngineV0引擎中启用的P

Why AI Use in Healthcare Requires Continuous Oversight

DataBreachToday.com
3 months 2 weeks ago
Artificial intelligence use in healthcare is only as safe and accurate as the governance and trust frameworks surrounding it, particularly in clinical environments where errors or hallucinations can directly impact patient care, said Dave Bailey, vice president at consultancy Clearwater.

Barracuda CEO Bets on AI, Simplicity for Midmarket Defense

DataBreachToday.com
3 months 2 weeks ago
CEO Rohit Ghai Emphasizes Platform Depth, Threat Intel and AI-Powered Simplicity
Rohit Ghai, the new CEO of Barracuda, is leading a push to protect midmarket and resource-constrained businesses through a deeply integrated platform powered by AI. He says ease of use, human-led threat intelligence and modular deployment are essential to meeting their cybersecurity needs.

Groups Warn $32B Google-Wiz Deal Threatens Cloud Competition

DataBreachToday.com
3 months 2 weeks ago
Civil Society Orgs Concerned Deal Could Tilt Cloud Security Space in Google’s Favor
A coalition of European civil society organizations is urging regulators to launch a detailed antitrust investigation into Google's proposed $32 billion purchase of Wiz. They argue the acquisition would strengthen Google's dominance in cloud security and undermine multi-cloud neutrality.

ISMG Editors: Real-Time Vishing Is Breaking MFA

DataBreachToday.com
3 months 2 weeks ago
Also: Why AI Agents Are Colliding, What Good Governance Ought to Look Like
In this week's panel, four ISMG editors discussed real-time vishing attacks that are defeating MFA, the growing problem of AI agents making conflicting decisions inside of enterprises and why the next phase of AI adoption depends on governance, accountability and control.

CMMC Enclave Strategy vs Full Environment Compliance

Security Boulevard
3 months 2 weeks ago

With any security framework, be it ISO 27001, FedRAMP, or CMMC, the goal is not to secure “your business.” It’s to secure sensitive and controlled information that your business handles. This is a fundamentally important way of looking at your security. Why does this matter? It’s all about borders. Where do you draw the line […]

The post CMMC Enclave Strategy vs Full Environment Compliance appeared first on Security Boulevard.

Dan Page

CVE-2025-13743 | Docker Desktop up to 4.53.x log file (EUVD-2025-202325 / Nessus ID 278980)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Docker Desktop up to 4.53.x. It has been rated as problematic. This issue affects some unknown processing. Performing a manipulation results in sensitive information in log files. This vulnerability is cataloged as CVE-2025-13743. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-1705 | D-Link DSL-6641K N8.TR069.20131126 Web Interface ad_virtual_server_vdsl Name cross site scripting (EUVD-2026-5003)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. It has been classified as problematic. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. This vulnerability is cataloged as CVE-2026-1705. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-3387 | Palo Alto Networks PAN-OS up to 10.1.11/10.2.7-h2/11.0.3 inadequate encryption

Vuldb Updates
3 months 2 weeks ago
A vulnerability labeled as problematic has been found in Palo Alto Networks PAN-OS up to 10.1.11/10.2.7-h2/11.0.3. This issue affects some unknown processing. Executing a manipulation can lead to inadequate encryption strength. This vulnerability is tracked as CVE-2024-3387. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2024-6933 | LimeSurvey 6.5.14-240624 Survey General Settings updatesurveylocalesettings_generalsettings actionUpdateSurveyLocaleSettingsGeneralSettings Language sql injection

Vuldb Updates
3 months 2 weeks ago
A vulnerability identified as critical has been detected in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. This manipulation of the argument Language causes sql injection. This vulnerability is tracked as CVE-2024-6933. The attack is possible to be carried out remotely. Moreover, an exploit is present. You should upgrade the affected component.
vuldb.com

CVE-2024-7887 | LimeSurvey 6.3.0-231016 File Upload /index.php size denial of service

Vuldb Updates
3 months 2 weeks ago
A vulnerability marked as problematic has been reported in LimeSurvey 6.3.0-231016. Impacted is an unknown function of the file /index.php of the component File Upload. This manipulation of the argument size causes denial of service. This vulnerability appears as CVE-2024-7887. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad