UCD: Unlearning in LLMs Via Contrastive Decoding

Machine unlearning aims to remove specific information, e.g. sensitive or undesirable content, from large language models LLMs while preserving overall performance. We propose an inference-time unlearning algorithm that uses contrastive decoding, leveraging two auxiliary smaller models, one train...

Alphabet Index Mapping: Jailbreaking LLMs through Semantic Dissimilarity

Large Language Models LLMs have demonstrated remarkable capabilities, yet their susceptibility to adversarial attacks, particularly jailbreaking, poses significant safety and ethical concerns. While numerous jailbreak methods exist, many suffer from computational expense, high token usage, or...

A Locally Differential Private Coding-Assisted Succinct Histogram Protocol

A succinct histogram captures frequent items and their frequencies across clients and has become increasingly important for large-scale, privacy-sensitive machine learning applications. To develop a rigorous framework to guarantee privacy for the succinct histogram problem, local differential...

PT-2025-27419

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A remotely-triggerable crash can occur in the Linux kernel if a client sends a specially crafted packet to the kernel RPC server. This happens when decoding the RPC reply fails and...

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read via improper output length handling in the GIF LZW decoding process. An attacker can access limited portions of uninitialized memory by providing a specially crafted GIF file that triggers the inclusion of arbitrary...

USN-7570-1 python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6 vulnerabilities

It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. CVE-2025-4516 It was discovered that Python incorrectly handled unicode encoding of email headers with list separators in folded...

USN-7570-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain unicode characters during decoding. An attacker could possibly use this issue to cause a denial of service. CVE-2025-4516 It was discovered that Python incorrectly handled unicode encoding of email headers with list separators in folded...

ALSA-2025:9118 Important: libvpx security update

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Double-free in libvpx encoder CVE-2025-5283 For more details about the security issues, including the impac...

Medium: libtasn1

Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

Medium: gnutls

Issue Overview: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send...

BF-Max: an Efficient Bit Flipping Decoder with Predictable Decoding Failure Rate

The Bit-Flipping BF decoder, thanks to its very low computational complexity, is widely employed in post-quantum cryptographic schemes based on Moderate Density Parity Check codes in which, ultimately, decryption boils down to syndrome decoding. In such a setting, for security concerns, one must...

SUSE-SU-2025:00764-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS bsc1236974...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets, which stems from an improper header length when decoding RTP packets could lead to information disclosure...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a potential information disclosure when decoding network invalid header extension RTP packets...

Medium: libtasn1

Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

Safety Alignment Can Be Not Superficial with Explicit Safety Signals

Recent studies on the safety alignment of large language models LLMs have revealed that existing approaches often operate superficially, leaving models vulnerable to various adversarial attacks. Despite their significance, these studies generally fail to offer actionable solutions beyond data...

RHEL 9 : libtasn1 (RHSA-2025:8021)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8021 advisory. A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and...

RHEL 9 : gnutls (RHSA-2025:7076)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7076 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...

The vulnerability of the VBI libzvbi library’s capture and decoding function is related to a numerical overflow in the _vbi_strndup_iconv() function. This allows an attacker to cause a service failure.

The vulnerability of the VBI libzvbi library’s capture and decoding functions is related to a numerical overflow in the vbistrndupiconv function. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

CVE-2024-32035

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...