Learn from Your Mistakes: Tree-Like Self-Play for Secure Code LLMs

While Large Language Models LLMs excel in code generation, they remain prone to replicating subtle yet critical vulnerabilities endemic to their training data. Current alignment techniques, such as Supervised Fine-Tuning SFT and Reinforcement Learning RL, typically apply coarse-grained optimizati...

An Empirical Evaluation of LLM-Generated Code Security across Prompting Methods

The growing use of Large Language Models LLMs for automated code generation has enhanced software development efficiency, but often at the cost of security. Generated code frequently overlooks critical concerns, leaving it vulnerable to issues such as weak encryption and improper input validation...

Position: AI Security Policy Should Target Systems, Not Models

We present swarm-attack, an open-source adversarial testing framework in which multiple lightweight LLM agents coordinate through shared memory, parallel exploration, and evolutionary optimization. Together, our results demonstrate that both safety bypass of frontier models and software...

On Fixing Insecure AI-Generated Code through Model Fine-Tuning and Prompting Strategies

The security of AI-generated code remains a major obstacle to its widespread adoption. Although code generation models achieve strong performance on functional benchmarks, their outputs frequently contain bugs and security weaknesses that undermine their trustworthiness. Prior work has explored a...

Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Open redirect CWE-601 - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...

poc

poc Collection of my PoC's for various vulnerabilities. L...

Towards Personalizing Secure Programming Education with LLM-Injected Vulnerabilities

According to constructivist theory, students learn software security more effectively when examples are grounded in their own code. Generic examples often fail to connect with students' prior work, limiting engagement and understanding. Advances in LLMs are now making it possible to automatically...

EUVD-2025-209459

An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6...

pantry

▄▄ ▄▄ ▄█▀▀█▄ █▄ █...

BayreuthWing

A transformer-based deep learning system for detecting securit...

EUVD-2026-19634

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

Assertain: Automated Security Assertion Generation Using Large Language Models

The increasing complexity of modern system-on-chip designs amplifies hardware security risks and makes manual security property specification a major bottleneck in formal property verification. This paper presents Assertain, an automated framework that integrates RTL design analysis, Common...

EUVD-2026-14776

CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

CVE-2026-4755 CWE-20 in MolotovCherry Android-ImageMagick7

CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...

A Survey of Web Application Security Tutorials

Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials come from vendors and emphasize high-level explanations ov...

CVE-2025-70024

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14...

EUVD-2026-10797

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally...

CVE-2025-70025

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14...

MCP-In-SoS: Risk Assessment Framework for Open-Source MCP Servers

Model Context Protocol MCP servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model LLM agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks become...

PT-2026-24069

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2...