3488 matches found
FuzzPilot: Plateau-Triggered Recipe Validation for Structured Text Fuzzing
FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns, and promotes only recipes with positive validation reward...
PT-2026-41417
Claude Mythos Preview case studies also, read your transcripts! https://t.co/drNlAH5mLE "Mythos demonstrates its bug reproduction and exploitation capabilities on CVE-2024-051912, an in-the-wild exploited bug that has no public report nor a working PoC whatsoever in the public domain. This bug ha...
Do Androids Dream of Breaking the Game? Systematically Auditing AI Agent Benchmarks with BenchJack
Agent benchmarks have become the de facto measure of frontier AI competence, guiding model selection, investment, and deployment. However, reward hacking, where agents maximize a score without performing the intended task, emerges spontaneously in frontier models without overfitting. We argue tha...
ARES: Adaptive Red-Teaming and End-To-End Repair of Policy-Reward System
Reinforcement Learning from Human Feedback RLHF is central to aligning Large Language Models LLMs, yet it introduces a critical vulnerability: an imperfect Reward Model RM can become a single point of failure when it fails to penalize unsafe behaviors. While existing red-teaming approaches...
Privacy-Aware Machine Unlearning with SISA for Reinforcement Learning-Based Ransomware Detection
Ransomware detection systems increasingly rely on behavior-based machine learning to address evolving attack strategies. However, emerging privacy compliance, data governance, and responsible AI deployment demand not only accurate detection but also the ability to efficiently remove the influence...
starknet-staking_audit1
Markdown https://dev.to/rdin777/starknet-btc-staking-how-to-ext...
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
GHSA-49XC-52MP-CC9J nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...
EUVD-2026-21146
nimiq-blockchain is missing a wall-clock upper bound on block timestamps...
nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Impact Block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper bound check against the wall clock. A malicious block-producing validator can set block timestamps...
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
CVE-2026-40093 nimiq-blockchain is missing a wall-clock upper bound on block timestamps
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp = parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MINPRODUCERTIMEOUT for skip blocks, but there is no visible upper...
Exploit for CVE-2025-15260
CVE-2025-15260: Missing Authorization / Broken Access Control...
PT-2026-31733
Name of the Vulnerable Software and Affected Versions nimiq-blockchain versions 1.3.0 and earlier Description nimiq-blockchain, used for persistent block storage in Nimiq's Rust implementation, has an issue where block timestamp validation lacks an upper bound check against the wall clock in...
core-rs-albatross 安全漏洞
core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions of core-rs-albatross 1.3.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a lack of upper limit checks on block timestamps, allowing malicious validators to set...
AttackEval: A Systematic Empirical Study of Prompt Injection Attack Effectiveness against Large Language Models
Prompt injection has emerged as a critical vulnerability in large language model LLM deployments, yet existing research is heavily weighted toward defenses. The attack side -- specifically, which injection strategies are most effective and why -- remains insufficiently studied.We address this gap...
CVE-2026-2424
The Reward Video Ad for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6. This is due to insufficient input sanitization and output escaping on plugin settings such as the 'Account ID', 'Message before the...
CVE-2026-25873
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...
CVE-2026-2424
The Reward Video Ad for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6. This is due to insufficient input sanitization and output escaping on plugin settings such as the 'Account ID', 'Message before the...