Posts of last 24 hours
Submit #797469 / VDB-377779
https://vuldb.com/submit/797469
Submit #797466 / VDB-377778
https://vuldb.com/submit/797466
Submit #797465 / VDB-377777
https://vuldb.com/submit/797465
Submit #797464 / VDB-377776
https://vuldb.com/submit/797464
Submit #797463 / VDB-377775
https://vuldb.com/submit/797463
Нейросеть придумала ссылку, а хакеры уже ждут, пока вы по ней перейдёте. Разбор атаки HalluSquatting
Обычная «галлюцинация» оказалась слишком удобной для чужого замысла.
https://www.securitylab.ru/news/574687.php
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list of numbers. [...]
https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/
A vulnerability marked as critical has been reported in Genolve Plugin up to 5.0.5 on WordPress. Affected by this vulnerability is the function genolve_setOpt of the component Capability Check. This manipulation causes improper authorization.
This vulnerability appears as CVE-2026-1359. The attack may be initiated remotely. There is no available exploit.
https://vuldb.com/vuln/377774