What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

Moderate: Red Hat Security Advisory: delve security update

An update for delve is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ALSA-2025:9317 Moderate: delve security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...

Fuzzy Location and Allocation Hub Network Design for Air Cargo Transportation Considering Sustainability and Time Window

Hub location Problems seek to find hub facilities and assign non-hub nodes to them in such a way that the flow between origin and destination should be effectively established according to the desired goal. In general, in the literature of location, it is assumed that the time horizon of hub...

Linear and Numerical SDoF Bounds of Active RIS-Assisted MIMO Wiretap Interference Channel

The multiple-input multiple-output MIMO wiretap interference channel IC serves as a canonical model for information-theoretic security, where a multiple-antenna eavesdropper attempts to intercept communications in a two-user MIMO IC system. The secure degrees-of-freedom SDoF of an active...

ROS-20250619-04

Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...

ROS-20250619-01

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...

ROS-20250619-02

A vulnerability in the Net::IMAP module of the Ruby programming language is related to uncontrolled memory allocation. memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

CVE-2025-28991 WordPress Evon theme <= 3.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion.This issue affects Evon: from n/a through = 3.4...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

OSV-2025-467 Security exception in java.base/java.lang.StringUTF16.newBytesFor

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=424839378 Crash type: Security exception Crash state: java.base/java.lang.StringUTF16.newBytesFor java.base/java.lang.AbstractStringBuilder.inflate java.base/java.lang.AbstractStringBuilder.append...

TencentOS Server 3: rust-toolset:rhel8 (TSSA-2022:0116)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0116 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

ROS-20250616-03

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to insufficient insufficient validation of data provided by an attacker in Rack::CommonLogger. Exploitation of the vulnerability could Allow an attacker acting remotely to manipulate data log entr...

CVE-2025-5990 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input...

[SECURITY] Fedora 41 Update: python3.12-3.12.11-1.fc41

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

[SECURITY] Fedora 41 Update: python3.11-3.11.13-1.fc41

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

[SECURITY] Fedora 42 Update: python3.11-3.11.13-1.fc42

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

GHSA-9875-CW22-F7CX XWiki allows remote code execution through default value of wiki macro wiki-type parameters

Impact Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main probl...

CVE-2025-49586

XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application the default for all users XWiki can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0,...

CVE-2025-49581

XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...