21021 matches found
Semantic Preprocessing for LLM-Based Malware Analysis
In a context of malware analysis, numerous approaches rely on Artificial Intelligence to handle a large volume of data. However, these techniques focus on data view images, sequences and not on an expert's view. Noticing this issue, we propose a preprocessing that focuses on expert knowledge to...
Security Bulletin: Vulnerabilities in Jinja , cryptography & OpenSSL can affect IBM Storage Protect Plus File Systems Agent Backup and Restore
Summary IBM Storage Protect Plus File Systems Agent Backup and Restore can be affected by vulnerabilities in Jinja & cryptography which includes execution of untrusted templates, man-in-middle attacks & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These...
Winter Soldier: Backdooring Language Models at Pre-Training with Indirect Data Poisoning
The pre-training of large language models LLMs relies on massive text datasets sourced from diverse and difficult-to-curate origins. Although membership inference attacks and hidden canaries have been explored to trace data usage, such methods rely on memorization of training data, which LM...
Detecting Hard-Coded Credentials in Software Repositories Via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces...
LingoLoop Attack: Trapping MLLMs via Linguistic Context and State Entrapment into Endless Loops
Multimodal Large Language Models MLLMs have shown great promise but require substantial computational resources during inference. Attackers can exploit this by inducing excessive output, leading to resource exhaustion and service degradation. Prior energy-latency attacks aim to increase generatio...
A TRNG Implemented Using a Soft-Data Based Sponge Function within a Unified Strong PUF Architecture
Hardware security primitives including True Random Number Generators TRNG and Physical Unclonable Functions PUFs are central components to establishing a root of trust in microelectronic systems. In this paper, we propose a unified PUF-TRNG architecture that leverages a combination of the static...
CVE-2025-34023
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted...
CVE-2025-34023 Karel IP Phone IP1211 Path Traversal
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted...
CVE-2025-34023 Karel IP Phone IP1211 Path Traversal
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted...
CVE-2025-34023
CVE-2025-34023 affects the Karel IP1211 IP Phone, specifically the web management panel. The vulnerability is a path traversal in the "/cgi-bin/cgiServer.exx" endpoint where the page parameter is not sanitized, allowing remote authenticated attackers to access arbitrary files on the device. Explo...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the Extract method. An attacker can gain remote code execution by uploading specially crafted archive files containing path traversal sequences in filenames, resulting in files being written to arbitrary...
GHSA-QH58-9V3J-WCJC Mattermost allows authenticated users to write files to arbitrary locations
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
Mattermost allows authenticated users to write files to arbitrary locations
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
CVE-2025-4981
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
CVE-2025-4981
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
CVE-2025-4981
Mattermost server contains a relative path traversal flaw in the archive extractor (docextractor) that allows authenticated users to write files to arbitrary filesystem locations via archives with path traversal in filenames. Affected versions include 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10...
CVE-2025-4981 Path Traversal Leading to RCE by Any Authenticated Mattermost User
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
CVE-2025-4981 Path Traversal Leading to RCE by Any Authenticated Mattermost User
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequence...
PT-2025-26459 · Karel · Karel Ip1211 Ip Phone
Name of the Vulnerable Software and Affected Versions: Karel IP1211 IP Phone affected versions not specified Description: A path traversal issue exists in the web management panel, specifically affecting the "/cgi-bin/cgiServer.exx" endpoint. This endpoint fails to properly sanitize user input to...
Directory Traversal
Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Directory Traversal via the os.path.join function. An attacker can access or modify files outside the intended directory by manipulating the...