
359 matches found

Packet Storm News
added 2025/05/29 12:0 a.m. (4 views)

Disrupting Vision-Language Model-Driven Navigation Services Via Adversarial Object Fusion

We present Adversarial Object Fusion (AdvOF), a novel attack framework targeting vision-and-language navigation (VLN) agents in service-oriented environments by generating adversarial 3D objects. While foundational models like Large Language Models (LLMs) and Vision Language Models (VLMs) have enhanced...

AI score: 6.5
Exploits: 0
RedhatCVE
added 2025/05/23 10:14 a.m. (4 views)

CVE-2024-28957

A generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere with communications by predicting some packet header IDs of the device...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00408
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:6 p.m. (3 views)

CVE-2022-34981

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00476
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 9:49 p.m. (5 views)

CVE-2022-38792

The exotel aka exotel-py package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00579
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:10 p.m. (5 views)

CVE-2021-45104

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data...

CVSS: 7.4, AI score: 6.8, EPSS: 0.00116
Exploits: 0
RedhatCVE
added 2025/05/22 4:24 p.m. (7 views)

CVE-2020-15681

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox 82...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00341
Exploits: 0
RedhatCVE
added 2025/05/22 12:59 a.m. (6 views)

CVE-2016-2398

Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00527
Exploits: 0, References: 1
OSV
added 2025/05/20 3:15 p.m. (2 views)

CVE-2023-33861

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client...

CVSS: 6.5, AI score: 5.7, EPSS: 0.0018
Exploits: 0, References: 1
NVD
added 2025/05/20 3:15 p.m. (39 views)

CVE-2023-33861

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client...

CVSS: 6.5, EPSS: 0.0018
Exploits: 0, References: 1
CVE
added 2025/05/20 2:51 p.m. (34 views)

CVE-2023-33861

CVE-2023-33861 affects IBM Security QRadar EDR 3.12. The vulnerability allows an attacker to spoof a trusted entity by interfering with the communication path between the host and client, related to trust management/improper certificate handling. The Red Hat/IBM security entries and the IBM bulle...

CVSS: 6.5, AI score: 6.3, EPSS: 0.0018
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/05/20 12:0 a.m. (3 views)

IBM Security ReaQta EDR Trust Management Issue Vulnerability

IBM Security ReaQta EDR is an Endpoint Detection and Response (EDR) solution from International Business Machines (IBM) that detects, investigates and responds to endpoint threats in real time through behavioral analytics and AI technologies, providing automated threat hunting and incident response...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0018
Exploits: 0, References: 1
RedHat Linux
added 2025/05/14 12:44 a.m. (1 view)

kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks. The Linux kernel CVE team has assigned CVE-2024-35912 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051956-CVE-2024-35912-b093@gregkh/T...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00017
Exploits: 0, References: 5
Packet Storm News
added 2025/05/12 12:0 a.m. (2 views)

Browser Security Posture Analysis: a Client-Side Security Assessment Framework

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis Framework, a browser-based client-side security assessment toolkit...

AI score: 6.5
Exploits: 0
Tenable Nessus
added 2025/04/29 12:0 a.m. (16 views)

Mozilla Thunderbird < 138.0

The version of Thunderbird installed on the remote Windows host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-31 advisory. - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of thes...

CVSS: 9.1, AI score: 7.3, EPSS: 0.0037
Exploits: 0, References: 12
Packet Storm News
added 2025/04/20 12:0 a.m. (3 views)

CSI2Dig: Recovering Digit Content from Smartphone Loudspeakers Using Channel State Information

Eavesdropping on sounds emitted by mobile device loudspeakers can capture sensitive digital information, such as SMS verification codes, credit card numbers, and withdrawal passwords, which poses significant security risks. Existing schemes either require expensive specialized equipment, rely on...

AI score: 6.7
Exploits: 0
Vulnrichment
added 2025/03/21 12:0 a.m. (6 views)

CVE-2025-30345

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...

CVSS: 3.5, AI score: 6.7, EPSS: 0.00185
Exploits: 1, References: 1
CVE
added 2025/03/21 12:0 a.m. (50 views)

CVE-2025-30345

OpenSlides CVE-2025-30345 affects OpenSlides versions prior to 4.2.5. The vulnerability arises in the chat_group.create action: while some HTML elements (e.g., SCRIPT) are filtered, others are not, and HTML entities are not consistently encoded when deleting chats or deleting messages, potentiall...

CVSS: 4.1, AI score: 6.7, EPSS: 0.00185
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. (7 views)

Linux Distros Unpatched Vulnerability : CVE-2022-35978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua...

CVSS: 10, AI score: 8.1, EPSS: 0.13734
Exploits: 0, References: 3
RedhatCVE
added 2025/02/12 10:7 p.m. (7 views)

CVE-2025-21694

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2). Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number of softlockups in __read_vmcore at kdump time have gone down, but they still happen sometimes. In a memory...

CVSS: 4.1, AI score: 6.7, EPSS: 0.00007
Exploits: 0, References: 10
Cvelist
added 2025/02/07 7:59 p.m. (9 views)

CVE-2025-25183 vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...

CVSS: 2.6, EPSS: 0.00323
Exploits: 0, References: 3