Astra Linux – Vulnerability in GIMP
GIMP XWD File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...
ALSA-2025:9119 Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double-free in libvpx encoder (CVE-2025-5283). For more details about the security issues, including the impac...
AirKeyboard iOS App 1.0.5 Remote Input Injection
The AirKeyboard iOS application version 1.0.5 exposes a WebSocket server on port 8888 which accepts arbitrary input injection messages from any client. No authentication or pairing process is required. This allows any attacker to type arbitrary keystrokes directly into the victim’s iOS device in...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL bsc1228557. CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serializatio...
Monitoring Decomposition Attacks in LLMs with Lightweight Sequential Monitors
Current LLM safety defenses fail under decomposition attacks, where a malicious goal is decomposed into benign subtasks that circumvent refusals. The challenge lies in the existing shallow safety alignment techniques: they only detect harm in the immediate prompt and do not reason about long-rang...
Bhatt Conjectures: on Necessary-But-Not-Sufficient Benchmark Tautology for Human like Reasoning
The Bhatt Conjectures framework introduces rigorous, hierarchical benchmarks for evaluating AI reasoning and understanding, moving beyond pattern matching to assess representation invariance, robustness, and metacognitive self-awareness. The agentreasoning-sdk demonstrates practical implementatio...
Disclosure Audits for LLM Agents
Large Language Model agents have begun to appear as personal assistants, customer service bots, and clinical aides. While these applications deliver substantial operational benefits, they also require continuous access to sensitive data, which increases the likelihood of unauthorized disclosures...
ChineseHarm-Bench: a Chinese Harmful Content Detection Benchmark
Large language models (LLMs) have been increasingly applied to automated harmful content detection tasks, assisting moderators in identifying policy violations and improving the overall efficiency and accuracy of content review. However, existing resources for harmful content detection are...
[SECURITY] Fedora 42 Update: qt6-qtlottie-6.9.1-1.fc42
Qt Lottie Animation provides a QML API for rendering graphics and animations that are exported in JSON format by the Bodymovin plugin for Adobe After Effects...
[SECURITY] Fedora 42 Update: qt6-qtimageformats-6.9.1-1.fc42
The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats, including: MNG, TGA,...
[SECURITY] Fedora 42 Update: qt6-doc-6.9.1-1.fc42
Documentation for Qt6 API in QCH format Qt6 - Complete documentation...
[SECURITY] Fedora 42 Update: LabPlot-2.12.0-3.fc42
LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read due to improper namespace processing of sch:name elements in the xmlSchematronFormatReport function. An attacker can cause a denial of service or potentially execute arbitrary code by providing specially crafted XML input...
Llms.txt File Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible 'llms.txt' file on the target application. The 'llms.txt' file is a proposal designed to provide LLM-friendly content written in markdown for LLM usage. This detection is included in the AI and...
Generate-Then-Verify: Reconstructing Data from Limited Published Statistics
Whitepaper called Generate-Then-Verify: Reconstructing Data From Limited Published Statistics...
What Is the Cost of Differential Privacy for Deep Learning-Based Trajectory Generation?
While location trajectories offer valuable insights, they also reveal sensitive personal information. Differential Privacy (DP) offers formal protection, but achieving a favourable utility-privacy trade-off remains challenging. Recent works explore deep learning-based generative models to produce...
Medium: libnpp-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Medium: libcurand-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Medium: cuda-sandbox-devel-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Medium: cuda-profiler-api-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...