CyBOKClaw: Human-In-The-Loop CyBOK Mapping for Cybersecurity Curriculum

This paper presents CyBOKClaw, an interpretable human-in-the-loop retrieval framework for mapping cybersecurity keywords or phrases KWoPs to the Cyber Security Body of Knowledge CyBOK. Rather than treating the task as strict exact classification, the framework is designed as a top-k candidate...

Modernizing User Privacy Preference Measurement through GPPI: A GDPR-Aligned Privacy Preference Item Bank

Privacy measurement instruments e.g., CFIP, IUIPC, PAQ predate GDPR by over a decade and measure privacy concerns, distinct from preferences for regulatory protections e.g., data portability, erasure, automated decision-making rights. This leaves practitioners without tools to assess whether user...

CVE-2026-6332

CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞

Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...

Can I Check What I Designed? Mapping Security Design DSLs to Code Analyzers

When assessing the potential impact of code-level vulnerabilities, e.g., discovered by automated analyzers, it is essential to consider them in the context of the system's security design. However, this is a challenging task due to the abstraction gap between security design, often specified usin...

Root-Cause-Driven Automated Vulnerability Repair

Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...

VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns

The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair AVR tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from sources like CWE and NVD. Current methods either use this...

From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems

Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...

CVE-2019-25676

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

CVE-2019-25676

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

Ask Expert Script 跨站脚本漏洞

Ask Expert Script is an online Q&A system script for the PHP Scripts Mall community. Version 3.0.5 of the Ask Expert Script contains a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting and SQL injection vulnerabilities, which may allow unverified attackers to...

CVE-2025-13901

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels...

Cybersecurity Guidance for Smart Homes: A Cross-National Review of Government Sources

Smart homes are increasingly targeted by cyberattacks, yet residents often lack guidance when incidents occur. Since affected residents are likely to seek help from trustworthy sources, this paper asks: What actionable cybersecurity guidance do governments provide to smart home users whose system...

Linux Distros Unpatched Vulnerability : CVE-2026-3856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying t...

EUVD-2026-12657

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...

UBUNTU-CVE-2026-3856

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could all...

CVE-2026-3856

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...

CVE-2026-3856 IBM Db2 Recovery Expert Missing Integrity Check

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...