43 matches found
Securing Retrieval-Augmented Generation: A Taxonomy of Attacks, Defenses, and Future Directions
Retrieval-augmented generation RAG significantly enhances large language models LLMs but introduces novel security risks through external knowledge access. While existing studies cover various RAG vulnerabilities, they often conflate inherent LLM risks with those specifically introduced by RAG. I...
CVE-2026-0640
A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could ...
Exposing Vulnerabilities in RL: A Novel Stealthy Backdoor Attack through Reward Poisoning
Reinforcement learning RL has achieved remarkable success across diverse domains, enabling autonomous systems to learn and adapt to dynamic environments by optimizing a reward function. However, this reliance on reward signals creates a significant security vulnerability. In this paper, we study ...
EUVD-2025-35716
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...
Improper Authorization
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authorization via the timed assignment feature. An attacker can gain unauthorized access to additional time for completing assessments by bypassing the intended time restriction. Remediatio...
EUVD-2020-23793
Malware in sbrugna...
EUVD-2021-33526
Malicious code in bioql PyPI...
CVE-2025-55068 Dover Fueling Solutions ProGauge MagLink LX4 Devices Integer Overflow or Wraparound
Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition...
CVE-2025-55068
CVE-2025-55068 affects Dover Fueling Solutions ProGauge MagLink LX4 Devices (and related MAGLINK LX products noted in connected sources). The vulnerability arises from the devicesβ handling of Unix time values beyond a certain point, allowing a network-available attacker to manually adjust the sy...
PT-2025-38481
Name of the Vulnerable Software and Affected Versions Dover Fueling Solutions ProGauge MagLink LX4 Devices affected versions not specified Description ProGauge MagLink LX4 devices are susceptible to a time-based issue where they fail to correctly handle Unix time values exceeding a specific point...
Linux Distros Unpatched Vulnerability : CVE-2021-46873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a...
CVE-2025-53190
...
CVE-2025-53190
...
[SECURITY] Fedora 42 Update: gammaray-3.1.0-11.fc42
A tool to poke around in a Qt-application and also to manipulate the application to some extent. It uses various DLL injection techniques to hook into an application at run-time and provide access to a lot of interesting information. GammaRay can introspect Qt 6 and Qt 5 applications...
π ABB Cylon Aspect 3.08.03 Time Manipulation
ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...
CVE-2025-4441
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWANWizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this...
CVE-2024-4167
A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier...
Time Manipulation attack on reliance on block.timestamp for time-sensitive operations.
Lines of code Vulnerability details Impact The block.timestamp allows a miner to call the mint function before the intended starting time mintingAllowedAfter which could lead to time manipulation. Contract name: ArcadeToken.sol Code link: Code line: function mintaddress to, uint256 amount externa...
SUSE CVE-2015-5300
The panicgate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds...
UBUNTU-CVE-2021-46873
WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently...