RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks
Reasoning-capable large language models can be induced to spend their generation budget on injected decoy tasks rather than answering the user's question, causing denial of service when no final answer is produced and denial of wallet when excess output tokens are billed. Input-side safety...
MaxKB code issue vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery vulnerability in the OSS file service URL retrieval...
MaxKB security vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from access control flaws in the API for retrieving OSS file service URLs, which...
CyberMaskQA: A Privacy-Aware Benchmark for Evaluating Large Language Models in Cybersecurity Question Answering
Large language models (LLMs) are increasingly applied to cybersecurity question answering (QA) for critical tasks such as incident response and vulnerability analysis. However, real-world operational contexts, including system logs and network configurations, inherently contain sensitive identifiers,...
MaxKB code injection vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...
Stealthy and Adjustable Text-Guided Backdoor Attacks on Multimodal Pretrained Models
Multimodal pretrained models are vulnerable to backdoor attacks, yet most existing methods rely on visual or multimodal triggers, which are impractical since visually embedded triggers rarely occur in real-world data. To overcome this limitation, we propose a novel Text-Guided Backdoor (TGB) attack...
CVE-2025-64663
Custom Question Answering Elevation of Privilege Vulnerability...
EUVD-2025-204416
Custom Question Answering Elevation of Privilege Vulnerability...
CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability
...
CVE-2025-64663
CVE-2025-64663 affects Microsoft Azure Cognitive Service for Language, specifically the Custom Question Answering component. The flaw is described as an Elevation of Privilege vulnerability caused by a flaw in the customized question and answer flow, enabling an attacker to gain elevated privileg...
Custom Question Answering Elevation of Privilege Vulnerability
...
PT-2025-52357
Name of the Vulnerable Software and Affected Versions: Custom Question Answering (affected versions not specified). Description: An elevation of privilege issue exists in Custom Question Answering. The issue allows for privilege escalation. No information is available regarding the number of potential...
KLA90827 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure Cosmos DB can...
EUVD-2025-10681
Malicious code in bioql PyPI...
LLaVul: a Multimodal LLM for Interpretable Vulnerability Reasoning about Source Code
Increasing complexity in software systems places a growing demand on reasoning tools that can uncover vulnerabilities manifested in source code. Many current approaches treat vulnerability analysis as a classification task, oversimplifying the nuanced and context-dependent real-world scenarios. Even...
Enhancing Targeted Adversarial Attacks on Large Vision-Language Models through Intermediate Projector Guidance
Targeted adversarial attacks are essential for proactively identifying security flaws in Vision-Language Models before real-world deployment. However, current methods perturb images to maximize global similarity with the target text or reference image at the encoder level, collapsing rich visual...
Adversarial Attacks on VQA-NLE: Exposing and Alleviating Inconsistencies in Visual Question Answering Explanations
Natural language explanations in visual question answering (VQA-NLE) aim to make black-box models more transparent by elucidating their decision-making processes. However, we find that existing VQA-NLE systems can produce inconsistent explanations and reach conclusions without genuinely understandi...