3 CRIT · 1 HIGH · 2 INFO · THREAT RED · 6 items · Generated in 223s
Attacker can inject arbitrary Stata commands by crafting a malicious log_file_name
vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model
Unauthenticated HTTP requests can be executed without authentication
MCP token holder can read any file in shared storage, including attachments from other bases and workspaces
New bug bounty platform launched for AI/ML libraries
Claude Fable is using Python to iterate through all available windows on the machine, potentially accessing sensitive information