17 matches found

Packet Storm News
added 2026/05/09 12:0 a.m., 12 views

MT-JailBench: A Modular Benchmark for Understanding Multi-Turn Jailbreak Attacks

Multi-turn jailbreaks exploit the ability of large language models to accumulate and act on conversational context. Instead of stating a harmful request directly, an attacker can gradually steer the conversation toward an unsafe answer. Recent methods demonstrate this risk, but they are usually...

5.7 AI score
Exploits 0

Packet Storm News
added 2026/02/03 12:0 a.m., 4 views

Reference-Free EM Validation Flow for Detecting Triggered Hardware Trojans

Hardware Trojans (HTs) threaten the trust and reliability of integrated circuits (ICs), particularly when triggered HTs remain dormant during standard testing and activate only under rare conditions. Existing electromagnetic (EM) side-channel-based detection techniques often rely on golden references o...

5.4 AI score
Exploits 0

Packet Storm News
added 2026/01/10 12:0 a.m., 3 views

Behavioral Analytics for Continuous Insider Threat Detection in Zero-Trust Architectures

Insider threats are a particularly tricky cybersecurity issue, especially in zero-trust architectures (ZTA) where implicit trust is removed. Although the rule of thumb is "never trust, always verify", attackers can still use legitimate credentials and impersonate the standard user activity. In...

6.8 AI score
Exploits 0

Packet Storm News
added 2025/10/07 12:0 a.m., 2 views

Applying Graph Analysis for Unsupervised Fast Malware Fingerprinting

Malware proliferation is increasing at a tremendous rate, with hundreds of thousands of new samples identified daily. Manual investigation of such a vast amount of malware is an unrealistic, time-consuming, and overwhelming task. To cope with this volume, there is a clear need to develop...

6.8 AI score
Exploits 0

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-52235

Malicious code in bioql PyPI...

5.3 CVSS, 6.6 AI score, 0.00155 EPSS
Exploits 0, References 1

Packet Storm News
added 2025/10/01 12:0 a.m., 2 views

Backdoor Attacks against Speech Language Models

Large Language Models (LLMs) and their multimodal extensions are becoming increasingly popular. One common approach to enable multimodality is to cascade domain-specific encoders with an LLM, making the resulting model inherit vulnerabilities from all of its components. In this work, we present the...

6.9 AI score
Exploits 0

Packet Storm News
added 2025/09/09 12:0 a.m., 2 views

A Non-Monotonic Relationship: an Empirical Analysis of Hybrid Quantum Classifiers for Unseen Ransomware Detection

Detecting unseen ransomware is a critical cybersecurity challenge where classical machine learning often fails. While Quantum Machine Learning (QML) presents a potential alternative, its application is hindered by the dimensionality gap between classical data and quantum hardware. This paper...

6.6 AI score
Exploits 0

Packet Storm News
added 2025/06/25 12:0 a.m., 2 views

Empowering Digital Agriculture: a Privacy-Preserving Framework for Data Sharing and Collaborative Research

Data-driven agriculture, which integrates technology and data into agricultural practices, has the potential to improve crop yield, disease resilience, and long-term soil health. However, privacy concerns, such as adverse pricing, discrimination, and resource manipulation, deter farmers from...

6.8 AI score
Exploits 0

RedhatCVE
added 2025/05/22 11:23 p.m., 6 views

CVE-2022-39351

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...

4.4 CVSS, 7 AI score, 0.00032 EPSS
Exploits 0, References 1

Chainguard
added 2025/02/25 1:11 p.m., 12 views

GHSA-3WHM-J4XM-RV8X vulnerabilities

Vulnerabilities for packages: jaeger-operator-fips, mailpit, ctop, minio-fips, vault-k8s-fips, boring-registry-fips, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, promxy, kubernetes-csi-external-provisioner-fips, nri-mysql, openbao, ko-fips, git-sync-fips, kiam, spark-operator,...

5.4 AI score
Exploits 0

Cvelist
added 2024/12/04 3:33 p.m., 20 views

CVE-2024-54002 Dependency-Track allows enumeration of managed users via /api/v1/user/login endpoint

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exists in the system takes significantly longer than performing the same...

5.3 CVSS, 0.00155 EPSS
Exploits 0, References 1

Prion
added 2022/10/25 5:15 p.m., 13 views

Format string

@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...

4.9 CVSS, 5.1 AI score, 0.00282 EPSS
Exploits 0, References 3, Affected Software 1

CVE
added 2022/10/25 12:0 a.m., 69 views

CVE-2022-39351

CVE-2022-39351 affects Dependency-Track prior to v4.6.0, where an API request using a valid API key with insufficient permissions could cause the API key to be written in clear text to the audit log. This enables an attacker with audit log access to obtain valid keys. The issue is fixed in v4.6.0...

4.4 CVSS, 4.8 AI score, 0.00032 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2022/10/25 12:0 a.m., 13 views

CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details

@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...

5.4 CVSS, 5.4 AI score, 0.00282 EPSS
Exploits 0, References 3

OSV
added 2022/10/25 12:0 a.m., 15 views

CVE-2022-39351 Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...

4.4 CVSS, 5.1 AI score, 0.00032 EPSS
Exploits 0, References 5

CVE
added 2022/10/25 12:0 a.m., 69 views

CVE-2022-39350

CVE-2022-39350 affects @dependencytrack/frontend (Dependency-Track frontend). The issue arises because vulnerability details rendered with Showdown were not encoded/sanitized before version 4.6.1, allowing arbitrary JavaScript in vulnerability fields (Description, Details, Recommendation, Referen...

5.4 CVSS, 5.2 AI score, 0.00282 EPSS
Exploits 0, References 3, Affected Software 1

GithubExploit
added 2019/10/23 7:50 p.m., 2 views

frontend

!Build Statushttps://github.com/DependencyTrack/frontend/act...

6.7 AI score
Exploits 0