42 matches found
Flatpress < v1.2.1 - Cross Site Scripting
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the page parameter at /flatpress/admin.php. id: CVE-2022-40047 info: name: Flatpress v1.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Flatpress v1.2.1 was discovered to...
GO-2026-4953 goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs
goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...
PT-2026-42366
goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...
Missing Write Protection for Parametric Data Values
Overview Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...
Missing Write Protection for Parametric Data Values
Overview Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...
EUVD-2026-21589
goshs is Missing Write Protection for Parametric Data Values...
Secure Retrieval-Augmented Generation against Poisoning Attacks
Large language models LLMs have transformed natural language processing NLP, enabling applications from content generation to decision support. Retrieval-Augmented Generation RAG improves LLMs by incorporating external knowledge but also introduces security risks, particularly from data poisoning...
Spring Framework annotation detection mechanism may result in improper authorization
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...
Mitigating Jailbreaks with Intent-Aware LLMs
Despite extensive safety-tuning, large language models LLMs remain vulnerable to jailbreak attacks via adversarially crafted instructions, reflecting a persistent trade-off between safety and task performance. In this work, we propose Intent-FT, a simple and lightweight fine-tuning approach that...
Optimal Debiased Inference on Privatized Data Via Indirect Estimation and Parametric Bootstrap
We design a debiased parametric bootstrap framework for statistical inference from differentially private data. Existing usage of the parametric bootstrap on privatized data ignored or avoided handling the effect of clamping, a technique employed by the majority of privacy mechanisms. Ignoring th...
Towards Reliable Forgetting: a Survey on Machine Unlearning Verification, Challenges, and Future Directions
With growing demands for privacy protection, security, and legal compliance e.g., GDPR, machine unlearning has emerged as a critical technique for ensuring the controllability and regulatory alignment of machine learning models. However, a fundamental challenge in this field lies in effectively...
The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the reading of data beyond the buffer in memory during the processing of AR format files. Exploiting this vulnerability allows an attacker to execute arbitrary code...
SILENT: a New Lens on Statistics in Software Timing Side Channels
Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown 42, Spectre 37, and Hertzbleed 70 have challenged our understanding of what it means for...
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its ability to read data beyond the acceptable range of memory. This allows a malicious actor to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the ability to read data beyond the acceptable range in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...
The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in its integer overflow vulnerabilities, allowing an attacker to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...
The vulnerability of Cobalt Ashlar-Vellum’s software-based parametric automated design and 3D modeling capabilities lies in its ability to exploit memory after release, allowing an attacker to execute arbitrary code.
The vulnerability of Cobalt Ashlar-Vellum’s parametric automated design and 3D modeling software lies in its ability to exploit memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current process...
The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its integer overflow vulnerabilities, allowing an attacker to execute arbitrary code.
The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...
The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in buffer overflow attacks in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...
The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in errors related to data type mixing, allowing a hacker to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to errors in data type mixing. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the context of the current process...