PT-2026-1353
Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below. Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service (DoS) attack. When optimizations are enabled using -O or PYTHONOPTIMIZE=1, and an...
CuFuzz: Hardening CUDA Programs through Transformation and Fuzzing
GPUs have gained significant popularity over the past decade, extending beyond their original role in graphics rendering. This evolution has brought GPU security and reliability to the forefront of concerns. Prior research has shown that CUDA's lack of memory safety can lead to serious...
PT-2026-26340
Name of the Vulnerable Software and Affected Versions: wolfSSL version 5.8.4. Description: The software contains a flaw in the constant-time masking logic within the sp_256_get_entry_256_9 function. When compiled with GCC targeting RISC-V RV32I using the -O3 optimization flag, the logic is altered...
WordPress Image Optimizer by wps.sk plugin <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization vulnerability
Cross-Site Request Forgery to Bulk Image Optimization vulnerability discovered by Sarawut Poolkhet (MisterHelloz) in WordPress Plugin Image Optimizer by wps.sk versions <= 1.2.0...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992530)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992530 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext. Key information in wext.connect is not reset on...
EUVD-2025-205256
Missing Authorization vulnerability in FolioVision FV Simpler SEO (fv-all-in-one-seo-pack) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Simpler SEO: from n/a through <= 1.9.6...
CVE-2023-54158 btrfs: don't free qgroup space unless specified
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified. Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was just a side effect o...
Security Bulletin: Components with known vulnerabilities in IBM Security QRadar Analyst Workflow for IBM QRadar SIEM
Summary: Multiple components with known vulnerabilities were addressed in an IBM Security QRadar Analyst Workflow for IBM QRadar SIEM release. Vulnerability Details: CVEID: CVE-2025-64756. DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions...
Optimizing Epsilon Security Parameters in QKD
We investigate the optimization of epsilon-security parameters in quantum key distribution (QKD), aiming to improve the achievable secure key rate under a fixed overall composable security level. For this purpose, we employ a continuous genetic algorithm (CGA) to optimize the epsilon-security...
Jailbreak-Zero: A Path to Pareto Optimal Red Teaming for Large Language Models
This paper introduces Jailbreak-Zero, a novel red teaming methodology that shifts the paradigm of Large Language Model (LLM) safety evaluation from a constrained example-based approach to a more expansive and effective policy-based framework. By leveraging an attack LLM to generate a high volume of...
EUVD-2025-203717
In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP. As reported by Luiz Capitulino, enabling HVO on s390 leads to reproducible crashes. The problem is that kernel page tables are modified without flushing corresponding TLB entries. Even ...
CVE-2025-68179
The CVE-2025-68179 entry concerns the Linux kernel: on s390, enabling ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP can lead to crashes/data corruption due to page-table modifications not flushing TLBs. The fix is to disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (a revert of the original patch), since HVO hook...
SUSE SLES16 Security Update : binutils (SUSE-SU-2025:21195-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21195-1 advisory. Changes in binutils: - Update to current 2.45 branch at 94cb1c075 to include fix for PR33584 a problem related to LTO vs fortran...
Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA)
Red Hat AI Inference Server Model Optimization Tools 3.2.5 (CUDA) is now available. Red Hat® AI Inference Server Model Optimization Tools...
CVE-2025-13912
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...
Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA)
Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA) is now available. Red Hat® AI Inference Server Model Optimization Tools...
PrivLLMSwarm: Privacy-Preserving LLM-Driven UAV Swarms for Secure IoT Surveillance
Large Language Models (LLMs) are emerging as powerful enablers for autonomous reasoning and natural-language coordination in unmanned aerial vehicle (UAV) swarms operating within Internet of Things (IoT) environments. However, existing LLM-driven UAV systems process sensitive operational data in...
ThinkTrap: Denial-Of-Service Attacks against Black-Box LLM Services Via Infinite Thinking
Large Language Models (LLMs) have become foundational components in a wide range of applications, including natural language understanding and generation, embodied intelligence, and scientific discovery. As their computational requirements continue to grow, these models are increasingly deployed as...
EUVD-2025-201539
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
CVE-2025-12190
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...