Aggregator

并总结了五种最常用的大模型攻击方法

A vulnerability was found in laurent22 joplin up to 3.2.11. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-24028. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in drakkan sftpgo up to 2.6.4. It has been classified as critical. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-24366. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TP-Link TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 and classified as critical. Affected by this issue is the function sub_4256CC. The manipulation of the argument devpwd leads to command injection. This vulnerability is handled as CVE-2024-57357. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in laurent22 joplin up to 3.2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument name leads to denial of service. This vulnerability is known as CVE-2024-55630. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Pimcore admin-ui-classic-bundle up to 1.7.3. Affected is an unknown function. The manipulation leads to observable response discrepancy. This vulnerability is traded as CVE-2025-24980. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in laurent22 joplin up to 3.1.23. This issue affects some unknown processing of the component Content-Security-Policy. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-25187. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in LDAP User Manager up to ce92321. This vulnerability affects unknown code of the file /setup/index.php. The manipulation of the argument returnto leads to cross site scripting. This vulnerability was named CVE-2024-57279. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Flexera RISC Platform. This affects an unknown part of the component 2FA. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2021-41527. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Flexera RISC Platform. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2021-41528. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

法国国有铁路公司 SNCF 对一名开扬声器打电话的乘客罚款 150 欧元。这位叫 David 的乘客告诉电视台 BFM，他在南特车站候车时与姐/妹通话，一名铁路公司的工作人员走过来要求他关闭手机扬声器，否则将会面临罚款。当他争辩时，他被处以 150 欧元的罚款。由于没有立即支付罚款，金额上升到了 200 欧元。David 表示计划聘请律师对此提出异议。SNCF 证实了此事，称原因是他打扰了其他乘客，表示如果他用扬声器播放音乐，情况也会相同。SNCF 要求乘客乘车时将手机调至静音或振动模式。如果确实要打电话，可以去车厢之间的连接处或去吧台车厢。如果乘客在火车上看电影或听播客或音乐，需要使用耳机。

A vulnerability was found in vllm up to 0.7.1. It has been declared as problematic. Affected by this vulnerability is the function hash. The manipulation of the argument constant leads to improper validation of integrity check value. This vulnerability is known as CVE-2025-25183. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Duitku Payment Gateway Plugin up to 2.11.4 on WordPress. This vulnerability affects the function check_duitku_response. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-0631. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in User Shortcodes Plus Plugin up to 2.0.2 on WordPress. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to improper control of resource identifiers. The identification of this vulnerability is CVE-2023-6969. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Media Library Assistant Plugin up to 3.13 on WordPress. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-2871. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Juniper Junos OS and Junos OS Evolved. Affected by this vulnerability is an unknown functionality of the component l2cpd. The manipulation leads to handling of exceptional conditions. This vulnerability is known as CVE-2024-30380. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Mobile Devices. Affected is an unknown function of the component Secure Folder. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-20856. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Samsung Mobile Devices. This affects an unknown part of the component DarManagerService. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-20864. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Samsung Mobile Devices and classified as problematic. This vulnerability affects unknown code of the component Multitasking Framework. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-20855. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Mobile Devices. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component TelephonyUI. The manipulation leads to improper export of android application components. This vulnerability is known as CVE-2024-20860. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.