28 matches found

Packet Storm News
added 2026/04/20 12:0 a.m. · 5 views

ExAI5G: A Logic-Based Explainable AI Framework for Intrusion Detection in 5G Networks

Intrusion detection systems (IDSs) for 5G networks must handle complex, high-volume traffic. Although opaque "black-box" models can achieve high accuracy, their lack of transparency hinders trust and effective operational response. We propose ExAI5G, a framework that prioritizes interpretability by...

5.7 AI score
Exploits: 0
Packet Storm News
added 2026/04/04 12:0 a.m. · 0 views

Explainability-Guided Adversarial Attacks on Transformer-Based Malware Detectors Using Control Flow Graphs

Transformer-based malware detection systems operating on graph modalities such as control flow graphs (CFGs) achieve strong performance by modeling structural relationships in program behavior. However, their robustness to adversarial evasion attacks remains underexplored. This paper examines the...

5.9 AI score
Exploits: 0
EUVD
added 2026/03/05 9:30 p.m. · 5 views

EUVD-2025-208315

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

5.9 AI score · 0.00029 EPSS
Exploits: 1 · References: 5
NVD
added 2026/03/05 7:16 p.m. · 4 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

7.5 CVSS · 0.00029 EPSS
Exploits: 1 · References: 4
OSV
added 2026/03/05 7:16 p.m. · 1 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

7.5 CVSS · 5.8 AI score
Exploits: 0 · References: 4
Cvelist
added 2026/03/05 12:0 a.m. · 26 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

0.00029 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2026/03/05 12:0 a.m. · 4 views

PT-2026-23468

Name of the Vulnerable Software and Affected Versions: Exploding Gradients RAGAS versions 0.2.3 through 0.2.14. Description: An arbitrary file read issue exists in the ImageTextPromptValue class. This is due to insufficient validation and sanitization of URLs provided in the retrieved contexts...

7.5 CVSS · 5.9 AI score · 0.00029 EPSS
Exploits: 1 · References: 10
Vulnrichment
added 2026/03/05 12:0 a.m. · 2 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

5.8 AI score · 0.00029 EPSS
Exploits: 1 · References: 4
CVE
added 2026/03/05 12:0 a.m. · 9 views

CVE-2025-45691

An Arbitrary File Read vulnerability affects Exploding Gradients RAGAS, versions v0.2.3 through v0.2.14, in the ImageTextPromptValue class. The flaw arises from improper validation/sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs, enabling potentia...

7.5 CVSS · 5.9 AI score · 0.00029 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Packet Storm News
added 2026/02/11 12:0 a.m. · 1 views

H.265/HEVC Video Steganalysis Based on CU Block Structure Gradients and IPM Mapping

Existing H.265/HEVC video steganalysis research mainly focuses on statistical feature modeling at the levels of motion vectors (MV), intra prediction modes (IPM), or transform coefficients. In contrast, studies targeting the coding-structure level - especially the analysis of block-level steganograph...

5.5 AI score
Exploits: 0
Packet Storm News
added 2025/12/12 12:0 a.m. · 2 views

Persistent Backdoor Attacks under Continual Fine-Tuning of LLMs

Backdoor attacks embed malicious behaviors into Large Language Models (LLMs), enabling adversaries to trigger harmful outputs or bypass safety controls. However, the persistence of the implanted backdoors under user-driven post-deployment continual fine-tuning has been rarely examined. Most prior...

7.2 AI score
Exploits: 0
Tenable Nessus
added 2025/12/02 12:0 a.m. · 5 views

Fedora 42 : webkitgtk (2025-4fc934f283)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4fc934f283 advisory. Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data function introspectable. Fix logging in to Google...

9.8 CVSS · 7.3 AI score · 0.00323 EPSS
Exploits: 1 · References: 17
Tenable Nessus
added 2025/11/25 12:0 a.m. · 4 views

Fedora 43 : webkitgtk (2025-6f3e9e3af6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6f3e9e3af6 advisory. Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data function introspectable. Fix logging in to Google...

9.8 CVSS · 7.3 AI score · 0.00323 EPSS
Exploits: 1 · References: 16
Packet Storm News
added 2025/08/09 12:0 a.m. · 4 views

Who's the Evil Twin? Differential Auditing for Undesired Behavior

Detecting hidden behaviors in neural networks poses a significant challenge due to minimal prior knowledge and potential adversarial obfuscation. We explore this problem by framing detection as an adversarial game between two teams: the red team trains two similar models, one trained solely on...

6.5 AI score
Exploits: 0
Packet Storm News
added 2025/06/04 12:0 a.m. · 3 views

Gradient Inversion Attacks on Parameter-Efficient Fine-Tuning

Federated learning (FL) allows multiple data-owners to collaboratively train machine learning models by exchanging local gradients, while keeping their private data on-device. To simultaneously enhance privacy and training efficiency, recently parameter-efficient fine-tuning (PEFT) of large-scale...

6.8 AI score
Exploits: 0
Packet Storm News
added 2025/05/17 12:0 a.m. · 2 views

Coded Robust Aggregation for Distributed Learning under Byzantine Attacks

In this paper, we investigate the problem of distributed learning (DL) in the presence of Byzantine attacks. For this problem, various robust bounded aggregation (RBA) rules have been proposed at the central server to mitigate the impact of Byzantine attacks. However, current DL methods apply RBA rul...

6.6 AI score
Exploits: 0
Packet Storm News
added 2025/05/08 12:0 a.m. · 2 views

Defending against Indirect Prompt Injection by Instruction Detection

The integration of Large Language Models (LLMs) with external sources is becoming increasingly common, with Retrieval-Augmented Generation (RAG) being a prominent example. However, this integration introduces vulnerabilities of Indirect Prompt Injection (IPI) attacks, where hidden instructions embedded...

7.2 AI score
Exploits: 0
GitHub Security Blog
added 2024/11/25 10:8 p.m. · 19 views

aiocpa contains credential harvesting code

aiocpa is a user-facing library for generating color gradients of text. Version 0.1.13 introduced obfuscated, malicious code targeting Crypto Pay users, forwarding client credentials to a remote Telegram bot. All versions have been removed from PyPI...

7.5 AI score
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/11/25 8:44 p.m. · 3 views

PYSEC-2024-152 aiocpa 0.1.13 contains credential harvesting code

aiocpa is a user-facing library for generating color gradients of text. Version 0.1.13 introduced obfuscated, malicious code targeting Crypto Pay users, forwarding client credentials to a remote Telegram bot. All versions have been removed from PyPI...

7.5 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/25 12:0 a.m. · 1 views

PT-2024-40899 · Pypi · Aiocpa

Name of the Vulnerable Software and Affected Versions: aiocpa versions prior to the removal from PyPI. Description: The issue concerns a user-facing library used for generating color gradients of text. It was discovered that version 0.1.13 introduced obfuscated, malicious code. This code targets...

7.3 AI score
Exploits: 0 · References: 3