16 matches found
ReasoningBomb: A Stealthy Denial-Of-Service Attack by Inducing Pathologically Long Reasoning in Large Reasoning Models
Large reasoning models (LRMs) extend large language models with explicit multi-step reasoning traces, but this capability introduces a new class of prompt-induced inference-time denial-of-service (PI-DoS) attacks that exploit the high computational cost of reasoning. We first formalize inference cost...
False Sense of Security: Why Probing-Based Malicious Input Detection Fails to Generalize
Large Language Models (LLMs) can comply with harmful instructions, raising serious safety concerns despite their impressive capabilities. Recent work has leveraged probing-based approaches to study the separability of malicious and benign inputs in LLMs' internal representations, and researchers ha...
CVE-2025-26644
CVE-2025-26644 affects Windows Hello by allowing local spoofing due to inadequate handling of adversarial input perturbations. Microsoft documents a Windows Hello security fix path via monthly updates (e.g., KB5055528 for Windows 11 22621/22631; KB5055519 for older Windows builds) that enforces v...
Windows Hello Spoofing Vulnerability
Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally...
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
...
Emerson SE4081S2T2B7 V DC Redundant Discrete Input Card Detection
Binary data 756808.prm...
Emerson 396604-04-8 Isolated Analog Input module Detection
Binary data 756517.prm...
GE IC695ALG616 PACSystems RX3i Analog Input Detection
Binary data 755410.prm...
GE IC694ALG232 PACSystems RX3i Analog Input Detection
Binary data 755406.prm...
GE IC694ALG220 PACSystems RX3i Analog Input Detection
Binary data 755415.prm...
GE IC694ALG223 PACSystems RX3i Analog Input Detection
Binary data 755418.prm...
GE IC694ALG221 PACSystems RX3i Analog Input Detection
Binary data 755416.prm...
GE IC694ALG233 PACSystems RX3i Analog Input Detection
Binary data 755407.prm...
GE EP-3164 RSTi-EP Analog Input Detection
Binary data 755526.prm...
AZL-44730 CVE-2012-6708 affecting package python-httplib2 0.20.3-3
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...
AZL-43897 CVE-2012-6708 affecting package python-httplib2 0.20.3-3
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...