JLSEC-2026-537

A flaw was found in OpenJPEG’s encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

Disentangling Adversarial Prompts: A Semantic-Graph Defense for Robust LLM Security

Large Language Models LLMs are increasingly vulnerable to adversarial prompts that exploit semantic ambiguities to bypass safety mechanisms, resulting in harmful or inappropriate outputs. Such attacks, including jailbreaking and prompt injection, pose significant risks to the integrity and...

PT-2026-47102

A flaw was found in OpenJPEG’s encoder in the opj dwt calc explicit stepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

SEED: Semi-Supervised Continual MalwarE Detection for Tackling ConcEpt Drift on a BuDget

Machine learning based malware detectors become obsolete over time due to concept drift in benign and malware applications. Recent methods rely on fully labeled data and use hierarchical contrastive loss HCL with active learning to improve robustness against drift by exploiting semantic structure...

Reasoning As an Attack Surface: Adaptive Evolutionary CoT Jailbreaks for LLMs

Large Reasoning Models LRMs have demonstrated remarkable capabilities in reasoning and generation tasks and are increasingly deployed in real-world applications. However, their explicit chain-of-thought CoT mechanism introduces new security risks, making them particularly vulnerable to jailbreak...

Astra Linux - уязвимость в openjpeg2

A flaw was discovered in OpenJPEG’s encoder, specifically in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can provide crafted inputs for the decomposition levels to cause a buffer overflow. The greatest threat of this vulnerability is to system availability...

Do Coding Agents Understand Least-Privilege Authorization?

As coding agents gain access to shells, repositories, and user files, least-privilege authorization becomes a prerequisite for safe deployment: an agent should receive enough authority to complete the task, without unnecessary authority that exposes sensitive surfaces.To study whether current...

Spring AI Agentic Patterns (Part 3): Why Your AI Agent Forgets Tasks (And How to Fix It)

Have you ever asked an AI agent to perform a complex multi-step task, only to find it skipped a critical step halfway through? You're not alone. Research shows that LLMs struggle with "lost in the middle" failures—forgetting tasks buried in long contexts. When your agent juggles file edits, test...

CVE-2026-22705

CVE-2026-22705 — RustCrypto: Signatures (ML-DSA) exhibits a timing side-channel in the Decompose algorithm used during signing. The vulnerability arises from variable-time division of r1 by TwoGamma2::U32 on secret-derived data, leaking information about the signing key through timing variations....

A Wolf in Sheep's Clothing: Bypassing Commercial LLM Guardrails Via Harmless Prompt Weaving and Adaptive Tree Search

Large language models LLMs remain vulnerable to jailbreak attacks that bypass safety guardrails to elicit harmful outputs. Existing approaches overwhelmingly operate within the prompt-optimization paradigm: whether through traditional algorithmic search or recent agent-based workflows, the...

DrAttack

DrAttack: Prompt Decomposition and Reconstruction Makes Powerf...

EUVD-2025-13439

Malicious code in bioql PyPI...

EUVD-2023-2641

Malicious code in bioql PyPI...

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

...

Unspecified Vulnerability in PyTorch (CNVD-2025-23286)

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from an inconsistency between the bernoullip decomposition function and the CPU implementation, no details of the vulnerability are provided at this time...

PYSEC-2025-203

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

DEBIAN-CVE-2025-55551

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

CVE-2025-46153

PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...

CVE-2025-55551

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

PT-2025-39383

Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 3.7.0 Description The software contains an inconsistency in the bernoulli p decompose function within decompositions.py. This function does not fully align with the eager CPU implementation, which impacts the...