Tab-MIA: a Benchmark Dataset for Membership Inference Attacks on Tabular Data in LLMs

Large language models LLMs are increasingly trained on tabular data, which, unlike unstructured text, often contains personally identifiable information PII in a highly structured and explicit format. As a result, privacy risks arise, since sensitive records can be inadvertently retained by the...

Security update for postgresql17

This update for postgresql17 fixes the following issues: Upgrade to 17.5: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/17.5/ Patch Instructions: To...

SUSE-SU-2025:01783-2 Security update for postgresql17

This update for postgresql17 fixes the following issues: Upgrade to 17.5: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/17.5/...

gitk: Git file creation flaw

A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss. This flaw manifests in two primary scenarios: - Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize...

Time Entangled Quantum Blockchain with Phase Encoding for Classical Data

With rapid advancements in quantum computing, it is widely believed that there will be quantum hardware capable of compromising classical cryptography and hence, the internet and the current information security infrastructure in the coming decade. This is mainly due to the operational realizatio...

USN-7647-1: LedgerSMB vulnerabilities

It was discovered that LedgerSMB did not check the origin of HTML fragments. An attacker could possibly use this issue to send a maliciously crafted URL to the server and obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubun...

USN-7647-1 ledgersmb vulnerabilities

It was discovered that LedgerSMB did not check the origin of HTML fragments. An attacker could possibly use this issue to send a maliciously crafted URL to the server and obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubun...

CVE-2025-4302

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...

IDFace: Face Template Protection for Efficient and Secure Identification

As face recognition systems FRS become more widely used, user privacy becomes more important. A key privacy issue in FRS is protecting the user's face template, as the characteristics of the user's face image can be recovered from the template. Although recent advances in cryptographic tools such...

WordPress plugin Stop User Enumeration 安全漏洞

WordPress Stop User Enumeration plugin is a security plugin for WordPress, mainly used to detect and prevent hackers from scanning website usernames user enumeration attack to get the login name, which is the pre-detection behavior of brute force password cracking attack. A security vulnerability...

Secure and Efficient UAV-Based Face Detection Via Homomorphic Encryption and Edge Computing

This paper aims to propose a novel machine learning ML approach incorporating Homomorphic Encryption HE to address privacy limitations in Unmanned Aerial Vehicles UAV-based face detection. Due to challenges related to distance, altitude, and face orientation, high-resolution imagery and...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the GetFile function in the filecontroller.go. An attacker can access arbitrary files on the server by manipulating the fileName argument. Details A Directory Traversal attack also known as path traversal aims to...

OESA-2025-1771 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A heap-use-after-free i...

PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling through the processing of chunked encoded requests in parseheader function. An attacker can manipulate request boundaries by injecting conflicting Content-Length or Transfer-Encoding headers via trailers which can...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Transfer-Encoding: chunked process. An attacker can exhaust server memory resources by sending specially crafted HTTP requests with chunked transfer encoding or without a...

DEBIAN-CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

CVE-2025-53629 cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

CVE-2025-53629

CVE-2025-53629 affects cpp-httplib (C++11 single-file header-only HTTP/HTTPS library). Prior to version 0.23.0, handling of incoming requests with Transfer-Encoding: chunked could allocate memory arbitrarily on the server, risking memory exhaustion. The vulnerability is fixed in 0.23.0. Related C...

CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...