CVE-2024-31360

Cross-Site Request Forgery CSRF vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through 4.1...

CVE-2024-31922

Cross-Site Request Forgery CSRF vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool.This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6...

CVE-2023-32114

SAP NetWeaver Change and Transport System - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact ...

Are Vision-Language Models Safe in the Wild? A Meme-Based Benchmark Study

Rapid deployment of vision-language models VLMs magnifies safety risks, yet most evaluations rely on artificial images. This study asks: How safe are current VLMs when confronted with meme images that ordinary users share? To investigate this question, we introduce MemeSafetyBench, a...

Evaluating the Efficacy of LLM Safety Solutions : the Palit Benchmark Dataset

Large Language Models LLMs are increasingly integrated into critical systems in industries like healthcare and finance. Users can often submit queries to LLM-enabled chatbots, some of which can enrich responses with information retrieved from internal databases storing sensitive data. This gives...

Improving LLM Outputs against Jailbreak Attacks with Expert Model Integration

Using LLMs in a production environment presents security challenges that include vulnerabilities to jailbreaks and prompt injections, which can result in harmful outputs for humans or the enterprise. The challenge is amplified when working within a specific domain, as topics generally accepted fo...

Benchmarking LLMs in an Embodied Environment for Blue Team Threat Hunting

As cyber threats continue to grow in scale and sophistication, blue team defenders increasingly require advanced tools to proactively detect and mitigate risks. Large Language Models LLMs offer promising capabilities for enhancing threat analysis. However, their effectiveness in real-world blue...

WASP: Benchmarking Web Agent Security against Prompt Injection Attacks

Autonomous UI agents powered by AI have tremendous potential to boost human productivity by automating routine tasks such as filing taxes and paying bills. However, a major challenge in unlocking their full potential is security, which is exacerbated by the agent's ability to take action on their...

AutoRAN: Weak-To-Strong Jailbreaking of Large Reasoning Models

This paper presents AutoRAN, the first automated, weak-to-strong jailbreak attack framework targeting large reasoning models LRMs. At its core, AutoRAN leverages a weak, less-aligned reasoning model to simulate the target model's high-level reasoning structures, generates narrative prompts, and...

GenoArmory: a Unified Evaluation Framework for Adversarial Attacks on Genomic Foundation Models

We propose the first unified adversarial attack benchmark for Genomic Foundation Models GFMs, named GenoArmory. Unlike existing GFM benchmarks, GenoArmory offers the first comprehensive evaluation framework to systematically assess the vulnerability of GFMs to adversarial attacks. Methodologicall...

CVE-2025-37841

In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference...

Enable AIDE

Advanced intrusion detection environment AIDE is an intrusion detection tool that checks the integrity of system files and directories and identifies those maliciously tampered with. In principle, the integrity check can be performed only after an AIDE benchmark database is constructed, which...

Disable IP Forwarding

If a node does not function as a gateway server, disable the IP forwarding function. Otherwise, attackers can use the node as a router. In the container scenario, if network packets need to be forwarded through the host, IP forwarding is allowed. SPDX-FileCopyrightText: 2025 Greenbone AG Some tex...

Configure the dmesg Access Permission Properly

The permission to access dmesg information is restricted. Unprivileged users cannot view system information. This prevents any one from obtaining sensitive information and attacking the system. Only processes with the CAPSYSLOG capability are allowed to access kernel logs. In this way, the least...

Configure a Proper Number of Queues in the SYN_RECV State

The SYNRECV queue stores the TCP connection requests that have not been confirmed by the peer end. A larger value indicates more waiting network connections. If the value is too small, the system is vulnerable to TCP SYN flood attacks. As a result, normal connections are denied. If the value is t...

Do Not Use X11 Forwarding

The X11 forwarding function of SSH allows the GUI program of the remote host to be executed on the local host. If the X11 forwarding function is enabled, the attack surface is expanded and other users on the X11 server may attack the local host. If the function is not required in the service...

Configure a Proper Number of Concurrent Unauthenticated SSH Connections

Without knowing the password, an attacker can set up a large number of concurrent connections that have not been authenticated to consume system resources. The number of concurrent unauthenticated SSH connections is not configured in openEuler by default. You are advised to configure the upper...

Do Not Enable the DHCP Service

The Dynamic Host Configuration Protocol DHCP service provides dynamic allocation of IP addresses to machines. Unless a system is the designated DHCP server, you are advised to disable its DHCP service to reduce the attack surface. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions...

Disable SysRq

SysRq enables users with physical access to access dangerous system-level commands in a computer. Therefore, it is advised to restrict the usage of the SysRq function. If SysRq is not disabled, you can use the keyboard to trigger SysRq. As a result, commands may be directly sent to the kernel,...

Ensure Kernel SMEP is Enabled

Supervisor Mode Execution Prevention SMEP can be enabled to prevent the user-space code execution on the kernel. If SMEP is not enabled, attackers can execute the user-space code through kernel-mode code redirection, which increases the attack surface and reduces system security. SMEP is enabled ...