Tag
#vulnerability
# Description I found a Remote Command Execution (RCE) vulnerability in the PyTorch. When load model using torch.load with weights_only=True, it can still achieve RCE. # Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using `torch.load()` with `weights_only=True` to be safe.  Since everyone knows that weights_only=False is unsafe, so they will use the weights_only=True to mitigate the security issue. But now, I just proved that even if you use weights_only=True, it still can achieve RCE. So it is time to update your PyTorch version~. # Credit This vulnerability was found by Ji'an Zhou.
### Impact Web pages and web extensions using `ses` and the `Compartment` API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `<script>` tag will have inadvertently revealed these bindings in the lexical scope of third-party code. ### Patches This compromise is addressed in `ses` version `1.12.0`. The mechanism for confining third-party code involves a `with` block and a semi-opaque scope `Proxy`. The proxy previously revealed any named property to the surrounding lexical scope if it were absent on `globalThis`, so that the third-party code would receive an informative `ReferenceError`, relying on the invalid assumption that only properties of `globalThis` are in the top-level lexical scope. The solution makes the scope proxy fully opaque. Consequently, accessing an unbound free lexical name will produce `undefined` instead of throwing `ReferenceError`. Assigning to an un...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**
**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**
Following reports of unauthorized access to a legacy Oracle cloud environment, CISA warns of potential credential compromise leading…
## Vulnerability A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the `credentials.yml` file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This impacts the following connectors: - `audiocodes_stream` - `genesys` - `jambonz` As part of our investigation to resolve this issue, we have also performed a security review of our other voice channel connectors: - `browser_audio`: Does not support authentication. This is a development channel not intended for production use. - `twilio_media_streams`, `twilio_voice` and `jambonz`: Authentication is currently not supported by these channels, but our investigation has found a way for us to enable it for these voice channel connectors in a future Rasa Pro release. ## Fix The issue has been resolved for `audiocodes`, `audiocodes_stream`, and `genesys` connectors. Fixed versi...
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the `=IF(A1=200, eval("__import__('os').system(` substring.
Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed…
In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.