#vulnerability

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned.

This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from ModelScope. This occurs when using machine torch version < 2.6.0, while ms-swift accepts torch version >= 2.0 **I. Detailed Description:** 1. Install ms-swift ``` pip install ms-swift -U ``` 2. Start web-ui ``` swift web-ui --lang en ``` 3. After startup, you can access [http://localhost:7860/](http://localhost:7860/) through your browser to see the launched fine-tuning framework program 4. Upload an adapter model repository (cyjhhh/lora_adapter_4_llama3) on ModelScope, where the lora/adapter_model.bin file is generated through the following code: ```python import torch, pickle, os class MaliciousPayload: def __reduce__(self): return (os.system, ("touch /tmp/malicious.txt",)) # A...

**I. Detailed Description:** 1. Install ms-swift ``` pip install ms-swift -U ``` 2. Start web-ui ``` swift web-ui --lang en ``` 3. After startup, access through browser at [http://localhost:7860/](http://localhost:7860/) to see the launched fine-tuning framework program 4. Fill in necessary parameters In the LLM Training interface, fill in required parameters including Model id, Dataset Code. The --output_dir can be filled arbitrarily as it will be modified later through packet capture 5. Click Begin to start training. Capture packets and modify the parameter corresponding to --output_dir You can see the concatenated command being executed in the terminal where web-ui was started 6. Wait for the program to run (testing shows it requires at least 5 minutes), and you can observe the effect of command execution creating files **II. Vulnerability Proof:** ``` /tmp/xxx'; touch /tmp/inject_success_1; # ``` **III. Fix Solution:** 1. The swift.ui.llm_train.llm...

Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection.

## Description A Remote Code Execution (RCE) vulnerability exists in the [modelscope/ms-swift](https://github.com/modelscope/ms-swift) project due to unsafe use of `yaml.load()` in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the `tests/run.py` script, where a user-supplied YAML configuration file is deserialized using `yaml.load()` with `yaml.FullLoader`. If an attacker can control or replace the YAML configuration file provided to the `--run_config` argument, they may inject a malicious payload that results in arbitrary code execution. ## Affected Repository - **Project:** [modelscope/ms-swift](https://github.com/modelscope/ms-swift) - **Affect versions:** latest - **File:** `tests/run.py` - **GitHub Permalink:** https://github.com/modelscope/ms-swift/blob/e02ebfdf34f979bbdba9d935acc1689f8d227b38/tests/run.py#L420 - **Dependency:** PyYAML <= 5.3.1 ## Vulnerable Code ```python if args.run_config is not None and Path(args.run_config)....

### Summary Unauthorized reflected Cross-Site-Scripting when accessing the URL for recent uploads with the `filter` parameter containing JavaScript code. ### Details When accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `<script>` block without proper escaping. This vulnerability allows for reflected Cross-Site Scripting (XSS) and can be exploited against both authenticated and unauthenticated users, enabling unwanted actions in the victims browser. ### PoC A URL like this will execute `alert(1)`: ``` https://127.0.0.1:3923/?ru&filter=</script><script>alert(1)</script> ```

Dark Reading Confidential Episode 8: Federal funding for the CVE Program expires in April 2026, and a trio of experts agree the industry isn't doing enough to deal with the looming crisis. Bugcrowd's Trey Ford, expert Adam Shostack, and vulnerability historian Brian Martin sit down with Dark Reading to help us figure out what a "good" future of the CVE Program would look like and how to get there.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Lifecycle Services with VMware Vulnerabilities: Out-of-bounds Write, Use of Uninitialized Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following Lifecycle Services with VMware are affected: Industrial Data Center (IDC) with VMware: Generations 1 – 4 VersaVirtual Appliance (VVA) with VMware: Series A & B Threat Detection Managed Services (TDMS) with VMware: All versions Endpoint Protection Service with Rockwell Automation Proxy & VMware only: All versions Engineered and Integrated Solutions with VMware: All versions 3.2 Vulnerability Overview 3.2.1 Out-of-bounds Write CWE-787 An integer-overflow vulnerability exists in the VMXNET3 virtual network adapter used in VM...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Güralp Systems Equipment: Güralp FMUS Series Seismic Monitoring Devices Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Güralp FMUS series are affected: Güralp FMUS Series Seismic Monitoring Devices: All versions 3.2 Vulnerability Overview 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. CVE-2025-8286 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/...

Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts.