Saffron-1: Towards an Inference Scaling Paradigm for LLM Safety Assurance

Existing safety assurance research has primarily focused on training-phase alignment to instill safe behaviors into LLMs. However, recent studies have exposed these methods' susceptibility to diverse jailbreak attacks. Concurrently, inference scaling has significantly advanced LLM reasoning...

openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...

Video Signature: In-Generation Watermarking for Latent Video Diffusion Models

The rapid development of Artificial Intelligence Generated Content AIGC has led to significant progress in video generation but also raises serious concerns about intellectual property protection and reliable content tracing. Watermarking is a widely adopted solution to this issue, but existing...

Joint Data Hiding and Partial Encryption of Compressive Sensed Streams

The paper proposes a method to secure the Compressive Sensing CS streams. It consists in protecting part of the measurements by a secret key and inserting the code into the rest. The secret key is generated via a cryptographically secure pseudo-random number generator CSPRNG and XORed with the...

USN-7525-2 Tomcat vulnerability

USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library libtomcat9-java and not the full tomcat server stack...

Fedora: Security Advisory (FEDORA-2025-29900cbe83)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-21170

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successfu...

CVE-2024-21120

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...

CVE-2024-20995

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle...

CVE-2024-21063

Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft component: Benefits Administration. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft...

CVE-2024-20939

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Admin Console. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technica...

CVE-2024-20915

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Login - SSO. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application...

CVE-2024-20905

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure SEC. Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD...

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...

CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data...

CVE-2024-21117

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...

CVE-2024-5416

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

CVE-2024-24569

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...

CVE-2024-21174

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to...