10079 matches found
WIFISKY 7-layer Flow Control Router 安全漏洞
WIFISKY 7-layer Flow Control Router is a router from WIFISKY. A security vulnerability exists in the WIFISKY 7-layer Flow Control Router, which is a result of a command injection attack due to the misuse of parameter t in the confirm.php interface...
PT-2025-26993
Name of the Vulnerable Software and Affected Versions: WIFISKY 7-layer Flow Control Router affected versions not specified Description: A remote command injection issue exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router. This is due to insufficient input validation,...
Universal and Efficient Detection of Adversarial Data through Nonuniform Impact on Network Layers
Deep Neural Networks DNNs are notoriously vulnerable to adversarial input designs with limited noise budgets. While numerous successful attacks with subtle modifications to original input have been proposed, defense techniques against these attacks are relatively understudied. Existing defense...
Living Long Doing Pentests
Whitepaper called Living Long Doing Pentests. It discusses basic LLDP protocol fuzzing and usage from a pentester's point of view...
iterate Cyberduck和iterate Mountain Duck 安全漏洞
iterate Cyberduck and iterate Mountain Duck are both open source file transfer clients from iterate. A security vulnerability exists in iterate Cyberduck 9.1.6 and earlier and iterate Mountain Duck 4.17.5 and earlier, which stems from improper handling of TLS certificate fixing and could lead to...
UBUNTU-CVE-2025-6032
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...
USN-7594-1 linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux UML; - x...
Physical Layer Challenge-Response Authentication between Ambient Backscatter Devices
Ambient backscatter communication AmBC has become an integral part of ubiquitous Internet of Things IoT applications due to its energy-harvesting capabilities and ultra-low-power consumption. However, the open wireless environment exposes AmBC systems to various attacks, and existing authenticati...
Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 安全漏洞
Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK is a software development kit from Texas Instruments, USA. A security vulnerability exists in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK version 7.41.00.17, which originates from a denial of service due to the sending of a...
The vulnerability of the `easy_uci_set_option_string_0()` function in the `/cgi-bin/lighttpd.cgi` file of the LB-LINK BL-AC3600 router’s microprogramming system allows a hacker to execute arbitrary code.
The vulnerability of the easyucisetoptionstring0 function in the /cgi-bin/lighttpd.cgi file of the LB-LINK BL-AC3600 router microprogramming system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability could allow an attacker operating...
OSI Stack Redesign for Quantum Networks: Requirements, Technologies, Challenges, and Future Directions
Quantum communication is poised to become a foundational element of next-generation networking, offering transformative capabilities in security, entanglement-based connectivity, and computational offloading. However, the classical OSI model-designed for deterministic and error-tolerant...
LURK-T: Limited Use of Remote Keys with Added Trust in TLS 1.3
In many web applications, such as Content Delivery Networks CDNs, TLS credentials are shared, e.g., between the website's TLS origin server and the CDN's edge servers, which can be distributed around the globe. To enhance the security and trust for TLS 1.3 in such scenarios, we propose LURK-T, a...
Optimizing Resource Allocation and Energy Efficiency in Federated Fog Computing for IoT
Address Resolution Protocol ARP spoofing attacks severely threaten Internet of Things IoT networks by allowing attackers to intercept, modify, or block communications. Traditional detection methods are insufficient due to high false positives and poor adaptability. This research proposes a...
NAP-Tuning: Neural Augmented Prompt Tuning for Adversarially Robust Vision-Language Models
Vision-Language Models VLMs such as CLIP have demonstrated remarkable capabilities in understanding relationships between visual and textual data through joint embedding spaces. Despite their effectiveness, these models remain vulnerable to adversarial attacks, particularly in the image modality,...
Optimistic MEV in Ethereum Layer 2s: Why Blockspace Is Always in Demand
Layer 2 rollups are rapidly absorbing DeFi activity, securing over $40 billion and accounting for nearly half of Ethereum's DEX volume by Q1 2025, yet their MEV dynamics remain understudied. We address this gap by defining and quantifying optimistic MEV, a form of speculative, on-chain cyclic...
Movable Antennas Meet Low-Altitude Wireless Networks: Fundamentals, Opportunities, and Future Directions
With the rapid development of low-altitude applications, there is an increasing demand for low-altitude wireless networks LAWNs to simultaneously achieve high-rate communication, precise sensing, and reliable control in the low-altitude airspace. In this paper, we first present a typical system...
CVE-2025-48886 hydra-node dangerously assumes L1 event finality and does not consider failed transactions
Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those...
CVE-2025-48886 hydra-node dangerously assumes L1 event finality and does not consider failed transactions
Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those...
Hydra 安全漏洞
Hydra is a Nix open source continuous integration service based on the Nix project. A security vulnerability exists in versions prior to Hydra 0.22.0 that stems from a failed transaction on Cardano L1 that was not considered and could lead to a reorganization attack...
Probing the Robustness of Large Language Models Safety to Latent Perturbations
Safety alignment is a key requirement for building reliable Artificial General Intelligence. Despite significant advances in safety alignment, we observe that minor latent shifts can still trigger unsafe responses in aligned models. We argue that this stems from the shallow nature of existing...