MOSAIC-Bench: Measuring Compositional Vulnerability Induction in Coding Agents
Coding agents often pass per-prompt safety review yet ship exploitable code when their tasks are decomposed into routine engineering tickets. The challenge is structural: existing safety alignment evaluates overt requests in isolation, leaving models blind to malicious end-states that emerge from...
Why LLMs Fail: A Failure Analysis and Partial Success Measurement for Automated Security Patch Generation
Large Language Models (LLMs) show promise for Automated Program Repair (APR), yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patches across 64 Java vulnerabilities from the Vul4J benchmark. Using tri-axis evaluation...
Towards Reliable and Practical LLM Security Evaluations Via Bayesian Modelling
Before adopting a new large language model (LLM) architecture, it is critical to understand its vulnerabilities accurately. Existing evaluations can be difficult to trust, often drawing conclusions from LLMs that are not meaningfully comparable, relying on heuristic inputs or employing metrics that fai...
National Instruments Circuit Design Suite
1. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Hitachi Energy TropOS Devices Series 1400/2400/6400
1. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
CVE-2024-54300
| creationtimestamp | type | source |
|---|---|---|
| 2024-12-14 01:29:57+00:00 | seen | https://infosec.exchange/users/cve/statuses/113648585732532425... |
K15399: Usermin remote vulnerability CVE-2014-3883
Security Advisory Description Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. CVE-2014-3883 Impact None. No F5 products are vulnerable to this vulnerability. Status F5 Product Development has...
K12597: PHP vulnerability CVE-2010-4156
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
SA44440 - April 21 2020 OpenSSL Security Advisory
Ivanti, 4 March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On April 21 2020, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to...
K13518: Multiple PHP vulnerabilities
Security Advisory Description The following PHP vulnerabilities require malicious user input in order to be exploited. For each item in the list, the affected command or component is not used by any F5 product, or its inputs are sanitized to prevent exploitation: CVE-2012-2376 CVE-2012-2311...
Exploit for Path Traversal in Zimbra Collaboration
CVE-2022-37042 Zimbra CVE-2022-37042 Nuclei weaponized tem...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22965
Abstract Is Sterling Order Management affected by Spring vulnerability CVE-2022-22965? Content IBM is aware of a recently surfaced vulnerability CVE-2022-22965 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
Security Notice: NVIDIA Response to Log4j Vulnerabilities - December 2021
This notice is a response to the remote code execution vulnerabilities in the Log4j Java library, which is also known as Log4Shell. The CVE IDs of these vulnerabilities are as follows: CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 NVIDIA is aware of these vulnerabilities and is evaluating their...
HackerOne: Improper UUID validation results in bypass of #419896
This was found while evaluating the vulnerability and patch identified in 419896. I determined the deployed patch to be effective. However, I noticed tracer values could be sent which didn't conform to the UUID specification as characters outside of the a-f and 0-9 ranges could be used. For...
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project
A vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be...
Thoughts on Network Intrusion Detection System Technology - Vulnerability Warning - Black Bar Safety Net
With the rapid development of the Internet, network security is receiving more and more attention from governments, businesses, and even individuals. In the past, the most common method of preventing network attacks was the firewall. However, relying solely on a firewall does not guarantee sufficient security; if the...