ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

What's the issue Passing silent=True to onnx.hub.load kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness. python if not verifyreporefrepo and not silent: completely skipped when silent=True print"The model repo...

EUVD-2025-208733

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

SAMSUNG Smart Switch 安全漏洞

SAMSUNG Smart Switch is a data migration tool developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Smart Switch prior to 3.7.69.15 contained security vulnerabilities. These vulnerabilities were caused by replay attacks that allowed authentication bypasses, potentially allowing remo...

EulerOS 2.0 SP11 : python-pip (EulerOS-SA-2026-1590)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...

From Storage to Steering: Memory Control Flow Attacks on LLM Agents

Modern agentic systems allow Large Language Model LLM agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persisten...

Why Most DDoS Protection Fails: Solving for Continuity and Resilience

Most organisations assume DDoS Distributed denial of service protection is a box they’ve already ticked. If traffic spikes or an attack starts, the thinking goes, their provider will absorb it and move on. But in the real world it can be a different story. Many incidents aren’t caused by the scal...

Exploit for Code Injection in Unicode

codescan Fast, configurable code security scanner written in...

Experimental Evaluation of Security Attacks on Self-Driving Car Platforms

Deep learning-based perception pipelines in autonomous ground vehicles are vulnerable to both adversarial manipulation and network-layer disruption. We present a systematic, on-hardware experimental evaluation of five attack classes: FGSM, PGD, man-in-the-middle MitM, denial-of-service DoS, and...

Quantum CDMA-Based Continuous Variable Quantum Key Distribution Using Chaotic Phase Shifters

We present a quantum code-division multiple-access q-CDMA framework for multiuser continuous-variable quantum key distribution CV-QKD over a shared quantum channel. The proposed architecture employs chaotic phase shifters to encode and decode quantum states, enabling efficient multiplexing and...

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source library written in JavaScript that handles exceptional situations. This library can catch exceptions caused by the built-in APIs of node.js. Versions 17.0 to 28.4.1, 27.3.4.9, and 26.2.5.18 of Erlang/OTP contain security vulnerabilities. These vulnerabilities stem fro...

Microsoft Windows 11 24H2 NTLM Relay Orchestrator Privilege Escalation

This Metasploit module checks the SMB Signing status on remote targets. If signing is not required, the target is vulnerable to NTLM Relay attacks. It serves as an automated pre-flight check for relay operations...

Systematic Scaling Analysis of Jailbreak Attacks in Large Language Models

Large language models remain vulnerable to jailbreak attacks, yet we still lack a systematic understanding of how jailbreak success scales with attacker effort across methods, model families, and harm types. We initiate a scaling-law framework for jailbreaks by treating each attack as a...

xygeni-action 安全漏洞

Oxyni-action is a GitHub code security scanning workflow plugin developed by Xygeni. Oxyni-action has a security vulnerability that stems from tag poisoning, which can lead to supply chain attacks, allowing attackers to execute arbitrary commands on the CI runner...

Enhancing Network Intrusion Detection Systems: A Multi-Layer Ensemble Approach to Mitigate Adversarial Attacks

Adversarial examples can represent a serious threat to machine learning ML algorithms. If used to manipulate the behaviour of ML-based Network Intrusion Detection Systems NIDS, they can jeopardize network security. In this work, we aim to mitigate such risks by increasing the robustness of NIDS...

Intel Processors 输入验证错误漏洞

Intel Processors are a series of processors developed by the American company Intel. Intel Processors have a vulnerability related to input validation, which stems from improper input validation and may lead to privilege escalation. System software attackers with privileged access can potentially...

EulerOS 2.0 SP13 : avahi (EulerOS-SA-2026-1229)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged...

ROS-20260310-73-0014

A vulnerability in the Split View component of Google Chrome browser is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow a remote attacker to conduct spoofing attacks...

Microsoft Azure IoT Explorer 代码问题漏洞

Microsoft Azure IoT Explorer is a free and open-source desktop application developed by Microsoft Corporation. There are code-related vulnerabilities in Microsoft Azure IoT Explorer. Attackers exploit these vulnerabilities to carry out deceptive attacks...

Huawei EulerOS: Security Advisory for python-virtualenv (EulerOS-SA-2026-1260)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...