SCAFFOLD-CEGIS: Preventing Latent Security Degradation in LLM-Driven Iterative Code Refinement

The application of large language models to code generation has evolved from one-shot generation to iterative refinement, yet the evolution of security throughout iteration remains insufficiently understood. Through comparative experiments on three mainstream LLMs, this paper reveals the iterativ...

EUVD-2025-25800

Malicious code in bioql PyPI...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

Kapsch TrafficCom RIS-9160和Kapsch TrafficCom RIS-9260 RSU LEO 安全漏洞

The Kapsch TrafficCom RIS-9260 RSU LEO and the Kapsch TrafficCom RIS-9160 are both a road measurement unit from Kapsch TrafficCom, Austria, with functions of communication and co-management of connected vehicles in intelligent transportation. A security vulnerability exists in the Kapsch TrafficC...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

K24608264: Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805

Security Advisory Description CVE-2020-17530 Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Stru...

CVE-2021-31805

The CVE-2021-31805 entry describes a Remote Code Execution risk in Apache Struts caused by forced OGNL evaluation in tag attributes. The issue arises when untrusted input is evaluated via %{...}, enabling double OGNL evaluation and potentially remote code execution. Affected products span Apache ...

CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %… syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9946 DESCRIPTION: Kubernetes could provide weaker than expected security, caused by an interaction when paired with the embedded CNI Container Networking Interface that uses the portmap plugin...