12 matches found
Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts
The deployment of large language models LLMs in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...
A Multi-Agent Framework for Automated Exploit Generation with Constraint-Guided Comprehension and Reflection
Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports with high false positive rates. Automated Exploit Generatio...
EUVD-2025-19740
Malicious code in bioql PyPI...
CVE-2025-53358
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
CVE-2025-53358
Summary (CVE-2025-53358) : Kotaemon, an open‑source RAG-based document tool, is affected in versions up to 0.10.6. The function index_fn in libs/ktem/ktem/index/file/ui.py accepts both URLs and local file paths without validation, causing the pipeline to stream and store these paths. This enables...
Language of Network: a Generative Pre-Trained Model for Encrypted Traffic Comprehension
The increasing demand for privacy protection and security considerations leads to a significant rise in the proportion of encrypted network traffic. Since traffic content becomes unrecognizable after encryption, accurate analysis is challenging, making it difficult to classify applications and...
Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...
Google Introduces Project Naptime for AI-Powered Vulnerability Research
Google has developed a new framework called Project Naptime that it says enables a large language model LLM to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target...
RLSA-2022:1860 Moderate: maven:3.6 security and enhancement update
Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...
Google Trades Technicality for Brevity with New SSL Warning
Many users do not understand, let-alone listen to, browser-based SSL warnings. Google wants to change that and its newest browser warnings are based on years of interdisciplinary research about how human beings respond to warning signs. “Dissidents, drug dealers, and diplomats have one thing in...