1397 matches found

CVE
added 2025/09/04 3:32 p.m., 21 views

CVE-2025-38688

CVE-2025-38688: In the Linux kernel’s iommufd code, ALIGN() overflow could occur while allocating IOVA ranges near ULONG_MAX, risking overlapping mappings or mapping against reserved ranges. The fix uses get_add_overflow() to guard ALIGN() and consolidates the checks under a single helper. Public...

7.8 CVSS, 6.1 AI score, 0.00024 EPSS
Exploits: 0, References: 5, Affected Software: 1

Microsoft CVE
added 2025/09/04 1:35 a.m., 4 views

LoongArch: Set hugetlb mmap base address aligned with pmd size

...

5.5 CVSS, 7 AI score, 0.00025 EPSS
Exploits: 0

CNNVD
added 2025/09/04 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an overflow that could result from the ALIGN operation in IOMMUFD...

7.8 CVSS, 6.4 AI score, 0.00024 EPSS
Exploits: 0, References: 6

Packet Storm News
added 2025/09/04 12:0 a.m., 3 views

Between a Rock and a Hard Place: Exploiting Ethical Reasoning to Jailbreak LLMs

Large language models (LLMs) have undergone safety alignment efforts to mitigate harmful outputs. However, as LLMs become more sophisticated in reasoning, their intelligence may introduce new security risks. While traditional jailbreak attacks relied on single-step attacks, multi-turn jailbreak...

7.4 AI score
Exploits: 0

Packet Storm News
added 2025/09/04 12:0 a.m., 3 views

Breaking to Build: a Threat Model of Prompt-Based Attacks for Securing LLMs

The proliferation of Large Language Models (LLMs) has introduced critical security challenges, where adversarial actors can manipulate input prompts to cause significant harm and circumvent safety alignments. These prompt-based attacks exploit vulnerabilities in a model's design, training, and...

7.3 AI score
Exploits: 0

vulnersOsv
added 2025/09/03 10:42 p.m., 3 views

@ckeditor/ckeditor5-adapter-ckfinder (>=46.0.0 <=46.0.2-alpha.1), @ckeditor/ckeditor5-ai (>=46.0.0 <=46.0.2-alpha.1) +89 more potentially affected by CVE-2025-58064 via @ckeditor/ckeditor5-clipboard (>=46.0.0 <=46.0.2)

@ckeditor/ckeditor5-clipboard NPM version =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.2-alpha.1 and more Source cves: CVE-2025-58064 Source advisory: SNYK:JS-CKEDITORCKEDITOR5CLIPBOARD-124851...

2.3 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits: 0

Tenable Nessus
added 2025/09/02 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-0335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The delete badge alignment functionality...

8.8 CVSS, 7.4 AI score, 0.00109 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-28707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PoD operations on misaligned GFNs This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE...

8.8 CVSS, 7.3 AI score, 0.00086 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/29 12:0 a.m., 2 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:03006-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03006-1 advisory. Updated to Tomcat 10.1.44: - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset bsc12438...

7.5 CVSS, 7.1 AI score, 0.02816 EPSS
Exploits: 0, References: 4

Akamai Blog
added 2025/08/21 1:0 p.m., 6 views

Stop LLM Attacks: How Security Helps AI Apps Achieve Their ROI

AI security is a business problem. Protect your LLM application investment and ROI by connecting your security team with business stakeholders...

7.4 AI score
Exploits: 0

Microsoft Secure
added 2025/08/20 4:0 p.m., 5 views

Quantum-safe security: Progress towards next-generation cryptography

Quantum computing promises transformative advancements, yet it also poses a very real risk to today’s cryptographic security. In the future scalable quantum computing could break public-key cryptography methods currently in use and undermine digital signatures, resulting in compromised...

7.5 AI score
Exploits: 0

CVE
added 2025/08/19 5:2 p.m., 51 views

CVE-2025-38556

The connected documents confirm CVE-2025-38556 affects the Linux kernel HID core, where the s32ton() conversion could crash when invoked with 0 bits. The fix hardens s32ton() so that it returns a reasonable result instead of faulting on 0-bit input, aligning behavior with snto32(). This CVE entry i...

7.1 CVSS, 7.2 AI score, 0.00023 EPSS
Exploits: 0, References: 8, Affected Software: 1

Packet Storm News
added 2025/08/19 12:0 a.m., 2 views

Enhancing Targeted Adversarial Attacks on Large Vision-Language Models through Intermediate Projector Guidance

Targeted adversarial attacks are essential for proactively identifying security flaws in Vision-Language Models before real-world deployment. However, current methods perturb images to maximize global similarity with the target text or reference image at the encoder level, collapsing rich visual...

7.3 AI score
Exploits: 0

The Hacker News
added 2025/08/15 11:0 a.m., 4 views

Zero Trust + AI: Privacy in the Age of Agentic AI

We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about control. It's about trus...

6.7 AI score
Exploits: 0

Tenable Nessus
added 2025/08/15 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-22049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCH_DMA_MINALIGN up to 16 ARCH_DMA_MINALIGN is 1 by default, but some...

5.5 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/15 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-50075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a...

5.5 CVSS, 5.7 AI score, 0.00049 EPSS
Exploits: 0, References: 2

Packet Storm News
added 2025/08/13 12:0 a.m., 4 views

Amazon Nova AI Challenge -- Trusted AI: Advancing Secure, AI-Assisted Software Development

AI systems for software development are rapidly gaining prominence, yet significant challenges remain in ensuring their safety. To address this, Amazon launched the Trusted AI track of the Amazon Nova AI Challenge, a global competition among 10 university teams to drive advances in secure AI. In...

7.2 AI score
Exploits: 0

OSV
added 2025/08/12 1:6 p.m., 2 views

CLSA-2025-1755003990 libvpx: Fix of CVE-2024-5197

CVE-2024-5197: fix integer overflows in image allocation and wrapping logic, validate dimensions and alignment to prevent invalid buffer calculations...

9.1 CVSS, 7.3 AI score, 0.00325 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/12 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-50182

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Align upwards buffer size The hardware can support any image size WxH, with...

7.1 CVSS, 6.7 AI score, 0.00067 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/12 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-21851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with...

3.3 CVSS, 5.7 AI score, 0.00008 EPSS
Exploits: 0, References: 3