Aggregator

As more organizations lean on third-party platforms, cloud infrastructure, and remote development te

本文介绍了美团技术团队在国际顶会ACL 2025中发表的8篇论文，研究方向覆盖了生成式检索算法、多目标偏好对齐训练、富文本图像理解、搜索词推荐、跨语言迁移能力、多模态数学推理、第三人称任务等技术领域，

当前环境出现异常,需完成验证后方可继续访问。

关基设施运营者必看！一文了解全流程合规要求。

A vulnerability was found in binary-husky gpt_academic. It has been rated as very critical. This issue affects some unknown processing of the component RAR File Handler. The manipulation leads to undefined behavior for input to api. The identification of this vulnerability is CVE-2024-12390. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in binary-husky gpt_academic and classified as problematic. Affected by this vulnerability is the function 解析项目源码（手动指定和筛选源码文件类型） of the component Regular Expression Handler. The manipulation leads to permissive list of allowed inputs. This vulnerability is known as CVE-2024-12391. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in netease-youdao qanything up to 2.0.0. This affects an unknown part of the component File Upload. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2024-12864. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in run-llama llama_index up to 0.12.5. Affected is the function get_response_gen. The manipulation leads to handling of exceptional conditions. This vulnerability is traded as CVE-2024-12704. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in binary-husky gpt_academic. Affected is an unknown function of the component URL Validation Handler. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-12392. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Eclipse ThreadX up to 6.4.1. Affected is an unknown function of the component NetXDuo. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2025-2259. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Eclipse ThreadX up to 6.4.1. Affected by this vulnerability is an unknown functionality of the component NetXDuo. The manipulation leads to incomplete cleanup. This vulnerability is known as CVE-2025-2260. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Eclipse ThreadX up to 6.4.1. Affected by this issue is some unknown functionality of the component NetXDuo. The manipulation leads to integer underflow. This vulnerability is handled as CVE-2025-2258. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in vLLM up to 0.8.5.post1. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2025-30165. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Google TensorFlow Serving up to 2.18.0 and classified as critical. This issue affects some unknown processing of the component JSON Handler. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-0649. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Red Hat Quay up to 3.14.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Proxy Cache. The manipulation leads to insecure inherited permissions. This vulnerability is known as CVE-2025-4374. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Cisco Catalyst SD-WAN Manager. This affects an unknown part of the component CLI. The manipulation leads to channel accessible by non-endpoint. This vulnerability is uniquely identified as CVE-2025-20122. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Octopii Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos, and signatures in a directory. Working Octopii uses Tesseract’s Optical Character...

The post Octopii: AI-powered Personal Identifiable Information scanner appeared first on Penetration Testing Tools.

Microsoft has unveiled an experimental feature known as Copilot Mode—a bold new function within the Edge browser that elevates artificial intelligence from a mere assistant to a true collaborator in the user’s web experience....

The post Microsoft Edge Unveils “Copilot Mode”: AI-Powered Browse Transforms Web Navigation & Interaction appeared first on Penetration Testing Tools.

The authorities of Minnesota have enacted unprecedented measures following a devastating cyberattack that crippled the digital infrastructure of Saint Paul—the state’s capital and its second-largest city. Amid widespread disruptions triggered by an unidentified group...

The post Saint Paul Cyberattack Cripples City Systems, Forces Minnesota National Guard Deployment appeared first on Penetration Testing Tools.