CVE-2021-41204
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...
CVE-2021-29982
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox 91 and Thunderbird 91...
CVE-2020-1392
An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1388, CVE-2020-1394, CVE-2020-1395...
CVE-2020-23446
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API...
CVE-2020-0983
An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-1009, CVE-2020-1011, CVE-2020-1015...
CVE-2020-23914
An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize located in peglib.h. It allows an attacker to cause Denial of Service...
CVE-2020-13480
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature...
CVE-2020-10111
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...
CVE-2019-25054
An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...
CVE-2018-20930
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401)...
BadVLA: Towards Backdoor Attacks on Vision-Language-Action Models Via Objective-Decoupled Optimization
Vision-Language-Action (VLA) models have advanced robotic control by enabling end-to-end decision-making directly from multimodal inputs. However, their tightly coupled architectures expose novel security vulnerabilities. Unlike traditional adversarial perturbations, backdoor attacks represent a...
Fine-Tuning Your Managed Databases: Optimize Performance with Advanced Parameters
Managed database services (DBaaS) provide a powerful and scalable approach to deploying and managing databases without the overhead of manual maintenance...
LAGO: Few-Shot Crosslingual Embedding Inversion Attacks Via Language Similarity-Aware Graph Optimization
We propose LAGO - Language Similarity-Aware Graph Optimization - a novel approach for few-shot cross-lingual embedding inversion attacks, addressing critical privacy vulnerabilities in multilingual NLP systems. Unlike prior work in embedding inversion attacks that treat languages independently,...
AI-Driven Dynamic Firewall Optimization Using Reinforcement Learning for Anomaly Detection and Prevention
The growing complexity of cyber threats has rendered static firewalls increasingly ineffective for dynamic, real-time intrusion prevention. This paper proposes a novel AI-driven dynamic firewall optimization framework that leverages deep reinforcement learning (DRL) to autonomously adapt and update...
Insufficient Control Flow Management
Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to a fastpath optimization in the concat function that skips evaluating argument expressions when their length is zero, allowing the omission of side effects and potentially leading to unintended logic behavior ...
Agency Problems and Adversarial Bilevel Optimization under Uncertainty and Cyber Threats
We study an agency problem between a holding company and its subsidiary, exposed to cyber threats that affect the overall value of the subsidiary. The holding company seeks to design an optimal incentive scheme to mitigate these losses. In response, the subsidiary selects an optimal cybersecurity...
DeFeed: Secure Decentralized Cross-Contract Data Feed in Web 3.0 for Connected Autonomous Vehicles
Smart contracts have been a topic of interest in blockchain research and are a key enabling technology for Connected Autonomous Vehicles (CAVs) in the era of Web 3.0. These contracts enable trustless interactions without the need for intermediaries, as they operate based on predefined rules encoded...
Optimal Client Sampling in Federated Learning with Client-Level Heterogeneous Differential Privacy
Federated Learning with client-level differential privacy (DP) provides a promising framework for collaboratively training models while rigorously protecting clients' privacy. However, classic approaches like DP-FedAvg struggle when clients have heterogeneous privacy requirements, as they must...
Security Bulletin: Multiple Vulnerabilities affecting IBM Decision Optimization for Cloud Pak for Data are addressed
Summary: There are multiple vulnerabilities impacting IBM Decision Optimization for Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2025-22150. DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and pri...
Co-Evolutionary Defence of Active Directory Attack Graphs Via GNN-Approximated Dynamic Programming
Modern enterprise networks increasingly rely on Active Directory (AD) for identity and access management. However, this centralization exposes a single point of failure, allowing adversaries to compromise high-value assets. Existing AD defense approaches often assume static attacker behavior, but...