Critical SurrealDB Injection Flaw Discovered
A critical injection vulnerability in SurrealDB allows authenticated users to achieve privilege escalation and full system takeover via malicious database exports.
22 results for “injection”
A critical injection vulnerability in SurrealDB allows authenticated users to achieve privilege escalation and full system takeover via malicious database exports.
A dual-vulnerability chain allows unauthenticated attackers to execute code, forcing a rapid, automated security update cycle.
CISA has confirmed active exploitation of a critical OS command injection vulnerability in Fortinet FortiSandbox, mandating urgent remediation.
CISA has added a critical OS command injection vulnerability in Fortinet FortiSandbox to its KEV catalog following reports of active exploitation.
CISA has added a critical OS command injection vulnerability in FortiSandbox to its KEV catalog, mandating urgent remediation for federal agencies.
CISA has added a critical OS command injection vulnerability in Fortinet FortiSandbox to its KEV catalog following reports of active, real-world exploitation.
Compromised AsyncAPI and Jscrambler packages expose developers to credential theft via automated malicious injection.
An OS command injection vulnerability in Fortinet FortiSandbox is under active exploitation, prompting urgent remediation mandates for federal agencies.
CISA has confirmed active exploitation of a command injection vulnerability in Fortinet FortiSandbox, mandating urgent remediation for federal agencies.
A critical vulnerability in Twig versions prior to 3.26.0 allows attackers to inject arbitrary PHP code via crafted template names in {% use %} tags.
CISA has confirmed active exploitation of an OS command injection vulnerability in Fortinet FortiSandbox, requiring immediate remediation.
A new research paper details how 'probabilistic delimiter injection' allows attackers to bypass AI safety guards with fake data.
CISA has confirmed active exploitation of an OS command injection vulnerability in Fortinet FortiSandbox, mandating urgent remediation for federal agencies.
OpenAI is deploying an automated red-teaming model to aggressively stress-test its systems against persistent prompt injection risks.
Researchers are moving beyond theoretical AI capabilities, building automated pipelines to find live vulnerabilities in software.
Critical SSRF and code injection flaws in SMA1000 appliances are currently being exploited, prompting an urgent patching mandate.
A malicious npm package injection forced a swift cleanup, highlighting the persistent dangers of compromised build environments.
Researchers have identified five unique prompt injection techniques that exploit how large language models process user inputs.
A new automated attack technique can plant persistent, invisible false memories into AI agents through a single, malicious email.
Thousands of Hikvision devices remain vulnerable to a critical command injection flaw, drawing attention from global threat actors.
Researchers at Tracebit are utilizing context bombing to force AI models to trigger their own safety guardrails during attacks.
Researchers have demonstrated how bad actors can exploit AI code assistants by hiding malicious instructions inside unchecked images.