
98 matches found

Fedora
added yesterday | 7 views

[SECURITY] Fedora 44 Update: sentencepiece-0.2.1-1.fc44

The SentencePiece is an unsupervised text tokenizer for Neural Network-based text generation. It is an unsupervised text tokenizer and detokenizer mainly for Neural Network-based text generation systems where the vocabulary size is predetermined prior to the neural model training. SentencePiece...

CVSS 8.5 | AI score 7.2 | EPSS 0.00004
Exploits: 0
GithubExploit
added 2026/05/26 2:2 p.m. | 50 views

Terminus-ai

Terminus-ai a foundation model trainthe entirety of exploit-...

AI score 6
Exploits: 0
Packet Storm News
added 2026/04/20 12:0 a.m. | 1 views

Owner-Harm: A Missing Threat Model for AI Agent Safety

Existing AI agent safety benchmarks focus on generic criminal harm (cybercrime, harassment, weapon synthesis), leaving a systematic blind spot for a distinct and commercially consequential threat category: agents harming their own deployers. Real-world incidents illustrate the gap: Slack AI...

AI score 5.8
Exploits: 0
Snyk
added 2026/04/07 6:4 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: @fedify/vocab-runtime is a runtime library for code-generated Activity Vocabulary APIs. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the recursive handling of HTTP redirects in the remote and authenticated document loader...

CVSS 8.7 | AI score 5.8 | EPSS 0.00086
Exploits: 1 | References: 2
CNNVD
added 2026/03/02 12:0 a.m. | 2 views

Chamilo Cross-Site Scripting Vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from a stored cross-site scripting flaw in the vocabulary function, which could allow users with teacher role...

CVSS 8.3 | AI score 5.7 | EPSS 0.0009
Exploits: 1 | References: 5
Snyk
added 2025/10/29 9:44 a.m. | 4 views

Deserialization of Untrusted Data

Overview: keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the .keras archives when they are initialized with a path to a vocabulary file. The model deserialization process when loading the...

CVSS 6.8 | AI score 6.9 | EPSS 0.00079
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-3337

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.0059
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-1654

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00275
Exploits: 1 | References: 8
Packet Storm News
added 2025/07/08 12:0 a.m. | 2 views

Enhancing LLM Watermark Resilience against Both Scrubbing and Spoofing Attacks

Watermarking is a promising defense against the misuse of large language models (LLMs), yet it remains vulnerable to scrubbing and spoofing attacks. This vulnerability stems from an inherent trade-off governed by watermark window size: smaller windows resist scrubbing better but are easier to...

AI score 6.9
Exploits: 0
Snyk
added 2025/06/24 3:45 a.m. | 1 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds via the tokenize function in the file llama-vocab.cpp. An attacker can achieve arbitrary code execution or cause a denial of service by providing specially crafted text input that triggers a heap overflow during the...

CVSS 8.8 | AI score 8 | EPSS 0.00229
Exploits: 1 | References: 2
Snyk
added 2025/06/17 8:43 p.m. | 1 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds via the token_to_piece function in the file llama-vocab.cpp. An attacker can cause arbitrary memory corruption and potentially execute code by supplying a specially crafted GGUF model that triggers a buffer overflow during...

CVSS 8.8 | AI score 8 | EPSS 0.00613
Exploits: 0 | References: 2
OSV
added 2025/06/17 8:15 p.m. | 1 views

DEBIAN-CVE-2025-49847

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...

CVSS 8.8 | AI score 6.3 | EPSS 0.00613
Exploits: 0 | References: 1
OSV
added 2025/06/17 8:15 p.m. | 0 views

UBUNTU-CVE-2025-49847

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...

CVSS 8.8 | AI score 6.3 | EPSS 0.00613
Exploits: 0 | References: 5
Debian CVE
added 2025/06/17 8:4 p.m. | 3 views

CVE-2025-49847

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...

CVSS 8.8 | AI score 6.3 | EPSS 0.00613
Exploits: 0
CNNVD
added 2025/06/17 12:0 a.m. | 1 views

llama.cpp Security Vulnerability

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A security vulnerability exists in versions of llama.cpp prior to b5662, which stems from a buffer overflow that may be triggered by the GGUF model vocabulary, potentially leading to memory corruption and execution of...

CVSS 8.8 | AI score 7.2 | EPSS 0.00613
Exploits: 0 | References: 4
Packet Storm News
added 2025/06/06 12:0 a.m. | 15 views

Joint-GCG: Unified Gradient-Based Poisoning Attacks on Retrieval-Augmented Generation Systems

Retrieval-Augmented Generation (RAG) systems enhance Large Language Models (LLMs) by retrieving relevant documents from external corpora before generating responses. This approach significantly expands LLM capabilities by leveraging vast, up-to-date external knowledge. However, this reliance on...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/05/27 12:0 a.m. | 1 views

TrojanStego: Your Language Model Can Secretly Be a Steganographic Privacy Leaking Agent

As large language models (LLMs) become integrated into sensitive workflows, concerns grow over their potential to leak confidential information. We propose TrojanStego, a novel threat model in which an adversary fine-tunes an LLM to embed sensitive context information into natural-looking outputs v...

AI score 6.5
Exploits: 0
Packet Storm News
added 2025/05/13 12:0 a.m. | 2 views

Optimized Couplings for Watermarking Large Language Models

Large-language models (LLMs) are now able to produce text that is, in many cases, seemingly indistinguishable from human-generated content. This has fueled the development of watermarks that imprint a "signal" in LLM-generated text with minimal perturbation of an LLM's output. This paper provides a...

AI score 6.9
Exploits: 0
CNNVD
added 2024/11/11 12:0 a.m. | 2 views

Moodle Security Vulnerability

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from an insufficient capability check enabling a user who is authorized...

CVSS 5.3 | AI score 6.2 | EPSS 0.00529
Exploits: 0 | References: 1
CNNVD
added 2024/02/21 12:0 a.m. | 2 views

SLiMS 9 Bulian Security Vulnerability

SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management (e.g. books, journals, digital files and other library materials) and administration. A security vulnerability exists in SLiMS 9 Bulian version v9.6.1, which stems fro...

CVSS 4.9 | AI score 7.8 | EPSS 0.00226
Exploits: 1 | References: 3