Automated Framework to Evaluate and Harden LLM System Instructions against Encoding Attacks

System Instructions in Large Language Models LLMs are commonly used to enforce safety policies, define agent behavior, and protect sensitive operational context in agentic AI applications. These instructions may contain sensitive information such as API credentials, internal policies, and...

Enhancing REST API Fuzzing with Access Policy Violation Checks and Injection Attacks

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes e.g., 500 HTTP server error status code. However, security vulnerabilities can have major drastic consequences...

VertiGIS FM 安全漏洞

VertiGIS FM is a facility and asset management platform from VertiGIS Corporation. Version 10.5.00119 of VertiGIS FM contains a security vulnerability. This vulnerability stems from the inclusion of local files during the upload/download process. It could allow authenticated attackers to read any...

Iperius Backup 安全漏洞

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.2 and earlier contained a security vulnerability. This vulnerability stemmed from the use of a hardcoded encryption key in the IperiusAccounts.ini file, which could lead to local attacks...

stb 缓冲区错误漏洞

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.26 contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds read in the stbtruetype.h library within the TTF File Handler component, which could lead to remote attac...

PT-2026-29236

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling...

Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15830)

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a security vulnerability that can be exploited by an attacker to obtain system software and version details to carry out software-specific attacks...

Unspecified Vulnerability in HCL Aftermarket DPC

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC has a security vulnerability that can be exploited by an attacker to read sensitive files on the system and use them for further attacks...

Claude SDK for Python 安全漏洞

Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from the asynchronous local file system’s memory tools...

Mozilla Firefox and Mozilla Thunderbird Spoofing Vulnerability (CNVD-2026-16379)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. Mozilla Firefox and Mozilla Thunderbird have a spoofing vulnerability that can be...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.211 contained security vulnerabilities, which were due to unvalidated host header operations, potentially leading to external...

5G Puppeteer: Chaining Hidden Command and Control Channels in 5G Core Networks

Mobile networks are essential for modern societies. The most recent generation of mobile networks will be even more ubiquitous than previous ones. Therefore, the security of these networks as part of the critical infrastructure with essential communication services is of the uttermost importance...

Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild

How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments...

Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities: Resource Estimates and Mitigations

This whitepaper seeks to elucidate implications that the capabilities of developing quantum architectures have on blockchain vulnerabilities and mitigation strategies. First, we provide new resource estimates for breaking the 256-bit Elliptic Curve Discrete Logarithm Problem, the core of modern...

GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

Secure Reinforcement Learning: On Model-Free Detection of Man in the Middle Attacks

We consider the problem of learning-based man-in-the-middle MITM attacks in cyber-physical systems CPS, and extend our previously proposed Bellman Deviation Detection BDD framework for model-free reinforcement learning RL. We refine the standard MDP attack model by allowing the reward function to...

A Systematic Taxonomy of Security Vulnerabilities in the OpenClaw AI Agent Framework

AI agent frameworks connecting large language model LLM reasoning to host execution surfaces--shell, filesystem, containers, and messaging--introduce security challenges structurally distinct from conventional software. We present a systematic taxonomy of 190 advisories filed against OpenClaw, an...

PT-2026-28750

Name of the Vulnerable Software and Affected Versions Belkin F9K1122 version 1.00.33 Description A security issue exists in Belkin F9K1122 1.00.33. The issue involves a stack-based buffer overflow in the formCrossBandSwitch function located in the /goform/formCrossBandSwitch file within the...

SUSE SLES15 / openSUSE 15 Security Update : kea (SUSE-SU-2026:1091-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1091-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local...