8227 matches found
Steering the CensorShip: Uncovering Representation Vectors for LLM "Thought" Control
Large language models (LLMs) have transformed the way we access information. These models are often tuned to refuse to comply with requests that are considered harmful and to produce responses that better align with the preferences of those who control the models. To understand how this "censorship...
CVE-2025-41395 Webapp DoS via malicious retrospective post in Playbooks
Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of servi...
AZL-60933 CVE-2024-58251 affecting package busybox 1.36.1-22
In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim...
PT-2025-18684 · Unknown +1 · Llama Factory +1
Name of the Vulnerable Software and Affected Versions: LLaMA-Factory versions prior to 1.0.0. Description: LLaMA Factory enables fine-tuning of large language models. A critical issue exists in the llamafy_baichuan2.py script, which performs insecure deserialization using torch.load on user-supplie...
Fedora: Security Advisory (FEDORA-2025-9bef972bb9)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 41 Update: rust-zerovec-0.10.4-4.fc41
Zero-copy vector backed by a byte array...
CVE-2025-3840 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An...
Scalable APT Malware Classification Via Parallel Feature Extraction and GPU-Accelerated Learning
This paper presents an underlying framework for both automating and accelerating malware classification, more specifically, mapping malicious executables to known Advanced Persistent Threat (APT) groups. The main feature of this analysis is the assembly-level instructions present in executables whi...
openSUSE Security Advisory (openSUSE-SU-2025:0129-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:1332-1)
The remote host is missing an update for the...
Exploit for CVE-2025-32682
🐚 CVE-2025-32682 - Arbitrary File Upload in MapSVG Lite --...
CVE-2025-3056 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
Algorithms for the Shortest Vector Problem in $2$-Dimensional Lattices, Revisited
Whitepaper called Algorithms For The Shortest Vector Problem In $2$-Dimensional Lattices, Revisited...
OpCode-Based Malware Classification Using Machine Learning and Deep Learning Techniques
This technical report presents a comprehensive analysis of malware classification using OpCode sequences. Two distinct approaches are evaluated: traditional machine learning using n-gram analysis with Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Decision Tree classifiers; and a deep...
AZL-60492 CVE-2025-22872 affecting package ig for versions less than 0.37.0-4
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
CVE-2025-26153
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message...
Oracle OpenJDK 8.x - 24.x Multiple Vulnerabilities (Apr 2025)
Oracle OpenJDK is prone to multiple vulnerabilities...
Measuring Computational Universality of Fully Homomorphic Encryption
Many real-world applications, such as machine learning and graph analytics, involve combinations of linear and non-linear operations. As these applications increasingly handle sensitive data, there is a significant demand for privacy-preserving computation techniques capable of efficiently...
PT-2025-29262 · Unknown · Software Smi Handler
Name of the Vulnerable Software and Affected Versions: Software SMI Handler (affected versions not specified). Description: A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer...
Cross-site Scripting (XSS)
Overview: krayin/laravel-crm is a hand-tailored CRM framework built on some of the hottest open-source technologies such as Laravel (a PHP framework) and Vue.js (a progressive JavaScript framework). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the storeMedia function...