2025-06 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5060525)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information...

2025-06 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5060998)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Safeguarding Multimodal Knowledge Copyright in the RAG-As-A-Service Environment

As Retrieval-Augmented Generation RAG evolves into service-oriented platforms Rag-as-a-Service with shared knowledge bases, protecting the copyright of contributed data becomes essential. Existing watermarking methods in RAG focus solely on textual knowledge, leaving image knowledge unprotected. ...

Breaking Data Silos: Towards Open and Scalable Mobility Foundation Models Via Generative Continual Learning

Foundation models have revolutionized fields such as natural language processing and computer vision by enabling general-purpose learning across diverse tasks and datasets. However, building analogous models for human mobility remains challenging due to the privacy-sensitive nature of mobility da...

CVE-2025-5533 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-5533 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2025-24036 · WordPress · Wp Knowledgebase

Name of the Vulnerable Software and Affected Versions: Knowledge Base plugin for WordPress versions prior to 2.3.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the kbalert shortcode. This allows authenticated attackers with...

FIST: a Structured Threat Modeling Framework for Fraud Incidents

Fraudulent activities are rapidly evolving, employing increasingly diverse and sophisticated methods that pose serious threats to individuals, organizations, and society. This paper proposes the FIST Framework Fraud Incident Structured Threat Framework, an innovative structured threat modeling...

When Better Features Mean Greater Risks: the Performance-Privacy Trade-Off in Contrastive Learning

With the rapid advancement of deep learning technology, pre-trained encoder models have demonstrated exceptional feature extraction capabilities, playing a pivotal role in the research and application of deep learning. However, their widespread use has raised significant concerns about the risk o...

WordPress plugin Knowledge Base 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

The vulnerability of the get_article_urls() function in the KnowledgeBaseWebReader class of the LlamaIndex framework for working with large language models allows a attacker to trigger a service denial.

The vulnerability of the getarticleurls function in the KnowledgeBaseWebReader class of the LlamaIndex framework, which is used for working with large language models, is related to an uncontrolled resource consumption when processing the maxdepth parameter. Exploiting this vulnerability could...

TracLLM: a Generic Framework for Attributing Long Context LLMs

Long context large language models LLMs are deployed in many real-world applications such as RAG, agent, and broad LLM-integrated applications. Given an instruction and a long context e.g., documents, PDF files, webpages, a long context LLM can generate an output grounded in the provided context,...

Hybrid Stabilization Protocol for Cross-Chain Digital Assets Using Adaptor Signatures and AI-Driven Arbitrage

Stablecoins face an unresolved trilemma of balancing decentralization, stability, and regulatory compliance. We present a hybrid stabilization protocol that combines crypto-collateralized reserves, algorithmic futures contracts, and cross-chain liquidity pools to achieve robust price adherence...

QA-HFL: Quality-Aware Hierarchical Federated Learning for Resource-Constrained Mobile Devices with Heterogeneous Image Quality

This paper introduces QA-HFL, a quality-aware hierarchical federated learning framework that efficiently handles heterogeneous image quality across resource-constrained mobile devices. Our approach trains specialized local models for different image quality levels and aggregates their features...

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a...

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol...

Scaling DeFi with ZK Rollups: Design, Deployment, and Evaluation of a Real-Time Proof-Of-Concept

Ethereum's scalability limitations pose significant challenges for the adoption of decentralized applications dApps. Zero-Knowledge Rollups ZK Rollups present a promising solution, bundling transactions off-chain and submitting validity proofs on-chain to enhance throughput and efficiency. In thi...

When GPT Spills the Tea: Comprehensive Assessment of Knowledge File Leakage in GPTs

Knowledge files have been widely used in large language model LLM agents, such as GPTs, to improve response quality. However, concerns about the potential leakage of knowledge files have grown significantly. Existing studies demonstrate that adversarial prompts can induce GPTs to leak knowledge...

Confidential Guardian: Cryptographically Prohibiting the Abuse of Model Abstention

Cautious predictions -- where a machine learning model abstains when uncertain -- are crucial for limiting harmful errors in safety-critical applications. In this work, we identify a novel threat: a dishonest institution can exploit these mechanisms to discriminate or unjustly deny services under...

Head Start 安全漏洞

Head Start is a web-based knowledge mapping software open-sourced by Open Knowledge Maps. It is designed to give researchers a head start in literature review hence the name. A security vulnerability exists in the v7 version of Head Start that stems from improper handling of the url parameter in...