CVE-2024-4040 [CRITICAL] :

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

Gandalf

ai
ctf
llm
machine-learning
prompt-injection

Trick Gandalf into revealing information and experience the limitations of large language models firsthand. Your goal is to make Gandalf reveal the secret password for each level. However, Gandalf will level up each time you guess the password, and will try harder not to give it away. Can you beat level 7? (There is a bonus level 8)

https://gandalf.lakera.ai/

Listed: Sat Nov 11 2023