AFL-ICP: Enhancing Industrial Control Protocol Reliability Via Specification-Guided Fuzzing

Industrial Control Protocols ICPs are critical to the reliability and stability of industrial infrastructure, yet their security is fundamentally compromised by a specification-blindness bottleneck. Modern fuzzers, constrained by observation-driven inference, struggle to penetrate deep protocol...

Information Theoretic Adversarial Training of Large Language Models

Large language models LLMs remain vulnerable to adversarial prompting despite advances in alignment and safety, often exhibiting harmful behaviors under novel attack strategies. While adversarial training can improve robustness, existing approaches are computationally expensive and difficult to...

Evaluating the Reliability of Multiple Large Language Models in Risk Assessment: A CIS Controls Based Approach

Proper implementation of technical and administrative controls reinforces an organization's cybersecurity posture and business resilience, reduces risks, and enhances governance, ultimately elevating business maturity. The dynamics of the technological landscape and emerging threats negatively...

PT-2026-37490

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel fails to properly reject unsupported hardware configurations in the perf/arm-cmn component. By accepting unknown Coherent Mesh Network CMN models and revisions, the syst...

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-5766 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-5766 Source advisory: OSV:GHSA-W26R-RMM8-9C29...

Automation-Exploit-Legacy

Automation-Exploit Legacy Prototype This repository contain...

Linux Distros Unpatched Vulnerability : CVE-2026-42440

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The...

This Week in Spring - May 5th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...

Linux Distros Unpatched Vulnerability : CVE-2026-42027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The...

Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: Before 2.5.9 Before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...

org.apache.opennlp:opennlp-cli (>=3.0.0-M1 <=3.0.0-M2), org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) +6 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-runtime (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-runtime MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-40682 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419378...

Eval Injection

Overview pptagent is an An Agentic Framework for Reflective PowerPoint Generation Affected versions of this package are vulnerable to Eval Injection via the eval function when processing code generated by large language models with built-in functions available in the execution scope. An attacker...

CVE-2026-42440

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...

CVE-2026-42440

CVE-2026-42440 affects Apache OpenNLP, specifically AbstractModelReader. The vulnerability arises when getOutcomes(), getOutcomePatterns(), and getPredicates() read a 32-bit signed count from a binary model stream and allocate arrays (String[numOutcomes], int[numOCTypes][], String[NUM_PREDS]) wit...

Malicious Package

Overview @tw-models/storage is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

PPTAgent 路径遍历漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the markdowntabletoimage function, which could lea...

STARE: Step-Wise Temporal Alignment and Red-Teaming Engine for Multi-Modal Toxicity Attack

Red-teaming Vision-Language Models is essential for identifying vulnerabilities where adversarial image-text inputs trigger toxic outputs. Existing approaches treat image generation as a black box, returning only terminal toxicity scores and leaving open the question of when and how toxic semanti...

Jailbroken Frontier Models Retain Their Capabilities

As language model safeguards become more robust, attackers are pushed toward developing increasingly complex jailbreaks. Prior work has found that this complexity imposes a "jailbreak tax" that degrades the target model's task performance. We show that this tax scales inversely with model...

Trident: Improving Malware Detection with LLMs and Behavioral Features

Traditionally, machine learning methods for PE malware detection have relied on static features like byte histograms, string information, and PE header contents. One barrier to incorporating dynamic analysis features has been the semi-structured nature of sandbox behavior reports. We show that,...

EUVD-2018-21838

Tenda W3002R/A302/W309R wireless routers version V5.07.64en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted...