424 matches found
Attention Is Where You Attack
Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack ARA, a white-box adversarial attack that identifies...
OSV-2026-649 Container-overflow in OGRGeometryFactory::organizePolygons
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506932597 Crash type: Container-overflow WRITE 1 Crash state: OGRGeometryFactory::organizePolygons OGRCreateFromShapeBin OpenFileGDB::FileGDBOGRGeometryConverterImpl::CreateCurveGeometry...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015458)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015458 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string...
SUSE-SU-2026:21211-1 Security update for xwayland
This update for xwayland fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom bsc1260923. - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence bsc1260924. - CVE-2026-34002: XKB...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52981 DESCRIPTION: An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection...
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: CVE-2026-33999: XKB integer underflow in XkbSetCompatMap bsc1260922. CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom bsc1260923. CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence bsc1260924. CVE-2026-34002: XKB...
UBUNTU-CVE-2026-34000
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...
Explainable PQC: A Layered Interpretive Framework for Post-Quantum Cryptographic Security Assumptions
This paper studies how post-quantum cryptographic PQC security assumptions can be represented and communicated through a structured, layered framework that is useful for technical interpretation but does not replace formal cryptographic proofs. We propose "Explainable PQC,'' an interdisciplinary...
Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models
On-device Vision-Language Models VLMs promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing e.g., AnyRes introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...
Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection
The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks GNNs. However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...
MiracleLinux 7 : xorg-x11-server-1.20.4-18.el7 (AXSA:2022-3654:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3654:02 advisory. xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access CVE-2022-2319 xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo...
MiracleLinux 3 : kernel-2.6.18-274.1.AXS3 (AXSA:2011-313:06)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-313:06 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
SUSE SLES16: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2025:21211-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21211-1 advisory. - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. -...
CIS-BA: Continuous Interaction Space Based Backdoor Attack for Object Detection in the Real-World
Object detection models deployed in real-world applications such as autonomous driving face serious threats from backdoor attacks. Despite their practical effectiveness,existing methods are inherently limited in both capability and robustness due to their dependence on single-trigger-single-objec...
SUSE-SU-2025:21211-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. - CVE-2025-57807: BlobStream Forward-Seek Under-Allocation bsc1249362. - CVE-2025-62171: incomplete fix for integer...
CLSA-2025-1760019285 Fix CVE(s): CVE-2025-55212
SECURITY UPDATE: crash triggered by passing a colon to montage -geometry - debian/patches/CVE-2025-55212.patch: Fix invalid height and width checks in ThumbnailImage using MagickSafeReciprocal - CVE-2025-55212...
CVE-2025-11166
The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...
CVE-2025-11166
WP Go Maps (formerly WP Google Maps) for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) across all versions up to 9.0.46. The root cause is an AJAX bridge that exposes state-changing REST actions without proper CSRF token validation and GET-accessible destructive logic lacking a per...
PT-2025-41330
Name of the Vulnerable Software and Affected Versions WP Go Maps plugin for WordPress versions prior to 9.0.46 Description The WP Go Maps plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. The plugin exposes state-changing REST actions through an AJAX bridge without appropria...
EUVD-2018-7711
Malware in sbrugna...