141 matches found
EUVD-2022-29941
Malicious code in bioql PyPI...
text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS
Description: Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 (the latest repo), when deployed with a vision/VLM model (e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL). Pure text LLMs do...
BERTector: Intrusion Detection Based on Joint-Dataset Learning
Intrusion detection systems (IDS) are facing challenges in generalization and robustness due to the heterogeneity of network traffic and the diversity of attack patterns. To address this issue, we propose a new joint-dataset training paradigm for IDS and propose a scalable BERTector framework based...
DEBIAN-CVE-2025-52566
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize, src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds via the tokenize function in the file llama-vocab.cpp. An attacker can achieve arbitrary code execution or cause a denial of service by providing specially crafted text input that triggers a heap overflow during the...
CVE-2025-52566
CVE-2025-52566 affects llama.cpp (tokenizer in llama_vocab::tokenize). Prior to version b5721, a signed vs. unsigned integer overflow enables heap-overflow during tokenization, causing unintended behavior in token copying. This could enable heap-related issues during inference with crafted input....
Medium: amazon-cloudwatch-agent
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
PT-2025-26690 · Llama.Cpp · Llama.Cpp
Name of the Vulnerable Software and Affected Versions: llama.cpp version prior to b5721. Description: The issue is related to a signed vs. unsigned integer overflow in the llama_vocab::tokenize function of llama.cpp's tokenizer implementation, resulting in unintended behavior during token copying...
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model's tokenization...
Joint-GCG: Unified Gradient-Based Poisoning Attacks on Retrieval-Augmented Generation Systems
Retrieval-Augmented Generation (RAG) systems enhance Large Language Models (LLMs) by retrieving relevant documents from external corpora before generating responses. This approach significantly expands LLM capabilities by leveraging vast, up-to-date external knowledge. However, this reliance on...
Language of Network: a Generative Pre-Trained Model for Encrypted Traffic Comprehension
The increasing demand for privacy protection and security considerations leads to a significant rise in the proportion of encrypted network traffic. Since traffic content becomes unrecognizable after encryption, accurate analysis is challenging, making it difficult to classify applications and...
CVE-2021-43854
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
PT-2025-18141 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers library version v4.48.1. Description: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_gpt_neox_japanese.py of the...
Detecting Zero-Day Web Attacks with an Ensemble of LSTM, GRU, and Stacked Autoencoders
The rapid growth in web-based services has significantly increased security risks related to user information, as web-based attacks become increasingly sophisticated and prevalent. Traditional security methods frequently struggle to detect previously unknown zero-day web attacks, putting sensitiv...
AZL-60485 CVE-2025-22872 affecting package telegraf for versions less than 1.31.0-10
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
CVE-2024-12720
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single function, where a regular expression processes specially crafted input. The issu...
Malicious code in climate-tokenization-engine-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6c54fe1dfe0ee0595094f7b5480bc0761286fb1ad1460e48b4eb6be7e274f52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...