358 matches found
PrivATE: Differentially Private Confidence Intervals for Average Treatment Effects
The average treatment effect ATE is widely used to evaluate the effectiveness of drugs and other medical interventions. In safety-critical applications like medicine, reliable inferences about the ATE typically require valid uncertainty quantification, such as through confidence intervals CIs...
CVE-2024-48140
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...
CVE-2024-48142
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...
CVE-2022-20548
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
CVE-2019-6677
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule...
BELL-CVE-2025-37966
Bulletin has no description...
AudioJailbreak: Jailbreak Attacks against End-To-End Large Audio-Language Models
Jailbreak attacks to Large audio-language models LALMs are studied recently, but they achieve suboptimal effectiveness, applicability, and practicability, particularly, assuming that the adversary can fully manipulate user prompts. In this work, we first conduct an extensive experiment showing th...
Malicious code in com.unity.visualeffectgraph (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 612fb4f703fb888029e1ae8bf1069fc5719a9288ee946e4210c5127c665c38d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Bridging Expertise Gaps: the Role of LLMs in Human-AI Collaboration for Cybersecurity
This study investigates whether large language models LLMs can function as intelligent collaborators to bridge expertise gaps in cybersecurity decision-making. We examine two representative tasks-phishing email detection and intrusion detection-that differ in data modality, cognitive complexity,...
BELL-CVE-2025-37779
Bulletin has no description...
CVE-2023-53076
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-3165
CVE-2025-3165 affects thu-pacman chitu 0.1.0. The vulnerability is in the function torch.load within chitu/chitu/backend.py, where manipulation of the arguments ckpt_path/quant_ckpt_dir leads to deserialization. An attack requires local access. The issue is documented across multiple feeds (NVD, ...
CVE-2025-22000
CVE-2025-22000 affects the Linux kernel. The flaw is in mm/huge_memory where, after splitting a folio for EOF, folio refs may not be fully dropped unless folio_put_refs(folio, folio_nr_pages(folio)) is used. This can cause a memory leak when the blocksize > page_size and truncation creates fol...
PT-2025-14236 · Unknown · Feedbucket
Name of the Vulnerable Software and Affected Versions: Feedbucket – Website Feedback Tool versions 1.0.0 through 1.0.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by...
GHSA-J8XJ-7JFF-46MX Directus's S3 assets become unavailable after a burst of malformed transformations
Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...
Linux Distros Unpatched Vulnerability : CVE-2024-39920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system...
WordPress Rife Elementor Extensions & Templates plugin <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Writing Effect Headline Shortcode vulnerability discovered by zer0gh0st in WordPress Plugin Rife Elementor Extensions & Templates versions = 1.2.5...
BELL-CVE-2025-21686 CVE-2025-21686 does not affect BellSoft software
Bulletin has no description...
Malicious code in effect-layout-function (npm)
The package communicates with a domain associated with malicious activity...