Lucene search

2513 matches found

CNNVD
added 2025/11/19 12:0 a.m. | 2 views

Astro security vulnerability

Astro is an open source web framework for content-driven websites. A security vulnerability exists in Astro versions prior to 5.14.3, which stems from an arbitrary local file read vulnerability in the Image Optimization endpoint of the development server that could lead to information...

3.5 CVSS | 6 AI score | 0.00022 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2025/11/19 12:0 a.m. | 5 views

PT-2025-47487

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

3.5 CVSS | 6.6 AI score | 0.00022 EPSS
Exploits: 1 | References: 3
CNNVD
added 2025/11/19 12:0 a.m. | 2 views

Astro cross-site scripting vulnerability

Astro is an open source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions prior to 5.15.9, which stems from an image optimization endpoint that unconditionally allows data protocol URLs, potentially leading to cross-site scripting attac...

6.1 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 1 | References: 3
Packet Storm News
added 2025/11/17 12:0 a.m. | 3 views

VEIL: Jailbreaking Text-To-Video Models Via Visual Exploitation from Implicit Language

Jailbreak attacks can circumvent model safety guardrails and reveal critical blind spots. Prior attacks on text-to-video (T2V) models typically add adversarial perturbations to obviously unsafe prompts, which are often easy to detect and defend. In contrast, we show that benign-looking prompts...

7.1 AI score
Exploits: 0
Packet Storm News
added 2025/11/15 12:0 a.m. | 3 views

GRAPHTEXTACK: A Realistic Black-Box Node Injection Attack on LLM-Enhanced GNNs

Text-attributed graphs (TAGs), which combine structural and textual node information, are ubiquitous across many domains. Recent work integrates Large Language Models (LLMs) with Graph Neural Networks (GNNs) to jointly model semantics and structure, resulting in more general and expressive models that...

6.9 AI score
Exploits: 0
OSV
added 2025/11/14 2:45 p.m. | 3 views

HSEC-2024-0006 fromIntegral: conversion error

fromIntegral: conversion error fromIntegral may result in coercion errors when used with optimization flags -O1 or -O2 in the following situation: - Converting negative Int to Natural does not throw an arithmetic underflow error - Converting large Integer greater than 2^64 to Natural overflow. Fo...

7.7 AI score
Exploits: 0 | References: 4
SUSE CVE
added 2025/11/14 12:24 a.m. | 1 views

SUSE CVE-2025-40148

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions. The function dc_stream_set_cursor_attributes() currently dereferences the stream pointer and nested members stream->ctx->dc->current_state without checking for...

6.7 AI score | 0.00026 EPSS
Exploits: 0 | References: 3
vulnersOsv
added 2025/11/13 4:42 p.m. | 3 views

com.salesforce.perfeng.uiperf:ImageOptimization (=2.0.1), org.webjars:imagemin (>=0.4.6-1 <=3.1.0) +2 more potentially affected by CVE-2025-64718 via org.webjars:js-yaml (=3.0.2)

org.webjars:js-yaml MAVEN version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:js-yaml and may be impacted: - com.salesforce.perfeng.uiperf:ImageOptimization =2.0.1 - org.webjars:imagemin =0.4.6-1, =0.1.0-1, =4.0.0 -...

5.3 CVSS | 6.6 AI score | 0.00034 EPSS
Exploits: 0
EUVD
added 2025/11/13 8:27 a.m. | 3 views

EUVD-2025-158261

The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...

4.3 CVSS | 4.6 AI score | 0.00036 EPSS
Exploits: 0 | References: 3
Packet Storm News
added 2025/11/13 12:0 a.m. | 6 views

MTAttack: Multi-Target Backdoor Attacks against Large Vision-Language Models

Recent advances in Large Visual Language Models (LVLMs) have demonstrated impressive performance across various vision-language tasks by leveraging large-scale image-text pretraining and instruction tuning. However, the security vulnerabilities of LVLMs have become increasingly concerning,...

7 AI score
Exploits: 0
Packet Storm News
added 2025/11/13 12:0 a.m. | 3 views

Decoupling Bias, Aligning Distributions: Synergistic Fairness Optimization for Deepfake Detection

Fairness is a core element in the trustworthy deployment of deepfake detection models, especially in the field of digital identity security. Biases in detection models toward different demographic groups, such as gender and race, may lead to systemic misjudgments, exacerbating the digital divide...

6.7 AI score
Exploits: 0
EUVD
added 2025/11/12 4:29 a.m. | 1 views

EUVD-2025-115987

Malicious code in bootstrap-optimize-css-assets-webpack-plugin-jupiter-unuk npm...

6.6 AI score
Exploits: 0
Packet Storm News
added 2025/11/11 12:0 a.m. | 2 views

Toward Autonomous and Efficient Cybersecurity: A Multi-Objective AutoML-Based Intrusion Detection System

With increasingly sophisticated cybersecurity threats and rising demand for network automation, autonomous cybersecurity mechanisms are becoming critical for securing modern networks. The rapid expansion of Internet of Things (IoT) systems amplifies these challenges, as resource-constrained IoT...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/11/10 12:0 a.m. | 7 views

JPRO: Automated Multimodal Jailbreaking Via Multi-Agent Collaboration Framework

The widespread application of large VLMs makes ensuring their secure deployment critical. While recent studies have demonstrated jailbreak attacks on VLMs, existing approaches are limited: they require either white-box access, restricting practicality, or rely on manually crafted patterns, leadin...

7 AI score
Exploits: 0
Fedora
added 2025/11/06 2:24 a.m. | 4 views

[SECURITY] Fedora 42 Update: qt5-qtquickcontrols2-5.15.18-1.fc42

The Qt Labs Controls module provides a set of controls that can be used to build complete interfaces in Qt Quick. Unlike Qt Quick Controls, these controls are optimized for embedded systems and so are preferred for hardware with limited resources...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/11/06 12:0 a.m. | 2 views

Automated and Explainable Denial of Service Analysis for AI-Driven Intrusion Detection Systems

With the increasing frequency and sophistication of Distributed Denial of Service (DDoS) attacks, it has become critical to develop more efficient and interpretable detection methods. Traditional detection systems often struggle with scalability and transparency, hindering real-time response and...

6.9 AI score
Exploits: 0
Positive Technologies
added 2025/11/06 12:0 a.m. | 4 views

PT-2025-45187

Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through = 3.17.0...

4.1 CVSS | 7 AI score | 0.00063 EPSS
Exploits: 0 | References: 2
Schneier on Security
added 2025/11/03 12:5 p.m. | 3 views

AI Summarization Optimization

These days, the most important meeting attendee isn’t a person: It’s the AI notetaker. This system assigns action items and determines the importance of what is said. If it becomes necessary to revisit the facts of the meeting, its summary is treated as impartial evidence. But clever meeting...

6.9 AI score
Exploits: 0
OSV
added 2025/10/22 2:15 p.m. | 0 views

UBUNTU-CVE-2023-53706

In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 "mm/sparse-vmemmap: improve memory savings for compound devmaps" added support for using optimized vmmemap for devdax devices. But how vmemmap...

5.8 AI score | 0.00027 EPSS
Exploits: 0 | References: 5
OSV
added 2025/10/22 1:23 p.m. | 3 views

CVE-2023-53706 mm/vmemmap/devdax: fix kernel crash when probing devdax devices

In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 "mm/sparse-vmemmap: improve memory savings for compound devmaps" added support for using optimized vmmemap for devdax devices. But how vmemmap...

6.7 AI score | 0.00027 EPSS
Exploits: 0 | References: 5