3391 matches found
Description of the security update for SharePoint Server 2019: July 8, 2025 (KB5002741)
Description of the security update for SharePoint Server 2019: July 8, 2025 (KB5002741). Summary: This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint Server spoofing vulnerability, and Microsoft Word remote code execution vulnerability. To...
PT-2025-28654 · IBM · IBM OpenPages with Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 through 9.0. Description: The issue provides weaker than expected security in the storage of encrypted data. An authenticated remote attacker with access to the database or a local attacker with access to...
Post-Processing in Local Differential Privacy: an Extensive Evaluation and Benchmark Platform
Local differential privacy (LDP) has recently gained prominence as a powerful paradigm for collecting and analyzing sensitive data from users' devices. However, the inherent perturbation added by LDP protocols reduces the utility of the collected data. To mitigate this issue, several post-processin...
LDP$^3$: an Extensible and Multi-Threaded Toolkit for Local Differential Privacy Protocols and Post-Processing Methods
Local differential privacy (LDP) has become a prominent notion for privacy-preserving data collection. While numerous LDP protocols and post-processing (PP) methods have been developed, selecting an optimal combination under different privacy budgets and datasets remains a challenge. Moreover, the la...
DATABench: Evaluating Dataset Auditing in Deep Learning from an Adversarial Perspective
The widespread application of Deep Learning across diverse domains hinges critically on the quality and composition of training datasets. However, the common lack of disclosure regarding their usage raises significant privacy and copyright concerns. Dataset auditing techniques, which aim to...
The Landscape of Memorization in LLMs: Mechanisms, Measurement, and Mitigation
Large Language Models (LLMs) have demonstrated remarkable capabilities across a wide range of tasks, yet they also exhibit memorization of their training data. This phenomenon raises critical questions about model behavior, privacy risks, and the boundary between learning and memorization. Addressi...
Hunting in the Dark: Metrics for Early Stage Traffic Discovery
Threat hunting is an operational security process where an expert analyzes traffic, applying knowledge and lightweight tools on unlabeled data in order to identify and classify previously unknown phenomena. In this paper, we examine threat hunting metrics and practice by studying the detection of...
Exploit for Code Injection in Langflow
CVE-2025-3248: Langflow Unauthenticated Remote Code Execution...
Exploit for Incorrect Authorization in Sudo_Project Sudo
CVE-2025-32462 – sudo -h Privilege Escalation PoC...
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...
CLSA-2025-1751145522 python3.11: Fix of CVE-2024-0397
CVE-2024-0397: fix memory race condition in ssl.SSLContext methods cert_store_stats and get_ca_certs...
Search Best Practices in Veeam Data Cloud for Microsoft 365
New Search Experience for Veeam Data Cloud for Microsoft 365: We are excited to announce the initial rollout of our new search feature, designed to significantly improve the speed and efficiency of your search experience. The new search supports deleted item recovery and restore point search witho...
SoK: Can Synthetic Images Replace Real Data? A Survey of Utility and Privacy of Synthetic Image Generation
Advances in generative models have transformed the field of synthetic image generation for privacy-preserving data synthesis (PPDS). However, the field lacks a comprehensive survey and comparison of synthetic image generation methods across diverse settings. In particular, when we generate syntheti...
VulnCheck KEV: CVE-2019-17574
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt...
Exploit for CVE-2025-49113
CVE-2025-49113 Scanner 🔍 Description A powerful, multi-me...
[SECURITY] Fedora 42 Update: apache-commons-beanutils-1.9.4-39.fc42
The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight...
[SECURITY] Fedora 41 Update: apache-commons-beanutils-1.9.4-39.fc41
The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight...
ArgHiTZ at ArchEHR-QA 2025: a Two-Step Divide and Conquer Approach to Patient Question Answering for Top Factuality
This work presents three different approaches to address the ArchEHR-QA 2025 Shared Task on automated patient question answering. We introduce an end-to-end prompt-based baseline and two two-step methods to divide the task, without utilizing any external knowledge. Both two-step approaches first...
Towards Reliable Forgetting: a Survey on Machine Unlearning Verification, Challenges, and Future Directions
With growing demands for privacy protection, security, and legal compliance (e.g., GDPR), machine unlearning has emerged as a critical technique for ensuring the controllability and regulatory alignment of machine learning models. However, a fundamental challenge in this field lies in effectively...
Arbitrary Code Injection
Overview: org.webjars.npm:jsonpath is a package for querying JavaScript objects with JSONPath expressions (a robust / safe JSONPath engine for Node.js). Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on th...