From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.
Truebit lost $26 million after a smart-contract overflow bug let an attacker mint tokens at near-zero cost, sending the TRU price down 99%. A $26 million exploit of the offline computation protocol ...
Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...
Unity has fixes ready to go, and Valve has released an updated version of Steam, too.
Brave described a vulnerability that can be activated when a user asks the Comet AI browser to summarize a web page. The LLM will read the web page, including any embedded prompts that command the LLM ...
Abstract: SQL injection (SQLi) remains a critical threat to database security, as it exploits vulnerabilities that allow unauthorized access to or manipulation of database systems. Traditional tools ...
Sourcecodehero Event Management System 1.0 allows SQL Injection via parameter 'username' in "/event/admin/login.php". Exploiting this issue could allow an attacker to ...
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application ...