3642 matches found
CVE-2025-8707 Huuge Box App com.huuge.game.zjbox AndroidManifest.xml improper export of android application components
A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox. The manipulation leads to improper export of android application components. Local access is...
PT-2025-32339 · Unknown · Com.Huuge.Game.Zjbox +1
Name of the Vulnerable Software and Affected Versions: Huuge Box version 1.0.3. Description: A vulnerability exists in the Huuge Box App for Android. The issue involves the improper export of Android application components due to manipulation of an unknown part of the AndroidManifest.xml file with...
Huuge Box App security vulnerability
Huuge Box App is a mobile application from Huuge. A security vulnerability exists in Huuge Box App version 1.0.3, which originates from improper export of Android application components...
CVE-2025-21017
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory...
BDFirewall: Towards Effective and Expeditiously Black-Box Backdoor Defense in MLaaS
In this paper, we endeavor to address the challenges of backdoor attacks countermeasures in black-box scenarios, thereby fortifying the security of inference under MLaaS. We first categorize backdoor triggers from a new perspective, i.e., their impact on the patched area, and divide them into:...
Attractive Metadata Attack: Inducing LLM Agents to Invoke Malicious Tools
Large language model (LLM) agents have demonstrated remarkable capabilities in complex reasoning and decision-making by leveraging external tools. However, this tool-centric paradigm introduces a previously underexplored attack surface: adversaries can manipulate tool metadata -- such as names,...
"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels
Transformers have become the backbone of many Machine Learning (ML) applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit (GPU) environments via Machine Learning as a Service (MLaaS), concerns aroun...
CVE-2013-10057 Synactis PDF In-The-Box ConnectToSynactic Stack-Based Buffer Overflow
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control PDFIN1.ocx, specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved...
Malicious code in box-lib-node (npm)
MAL-2025-6405 Malicious code in box-lib-node (npm)
Hot-Swap MarkBoard: an Efficient Black-Box Watermarking Approach for Large-Scale Model Distribution
Recently, Deep Learning (DL) models have been increasingly deployed on end-user devices as On-Device AI, offering improved efficiency and privacy. However, this deployment trend poses more serious Intellectual Property (IP) risks, as models are distributed on numerous local devices, making them...
Generating Adversarial Point Clouds Using Diffusion Model
Adversarial attack methods for 3D point cloud classification reveal the vulnerabilities of point cloud recognition models. This vulnerability could lead to safety risks in critical applications that use deep learning models, such as autonomous vehicles. To uncover the deficiencies of these models...
Removing Box-Free Watermarks for Image-To-Image Models Via Query-Based Reverse Engineering
The intellectual property of deep generative networks (GNets) can be protected using a cascaded hiding network (HNet) which embeds watermarks or marks into GNet outputs, known as box-free watermarking. Although both GNet and HNet are encapsulated in a black box called operation network, or ONet, with...
Leveraging Trustworthy AI for Automotive Security in Multi-Domain Operations: Towards a Responsive Human-AI Multi-Domain Task Force for Cyber Social Security
Multi-Domain Operations (MDOs) emphasize cross-domain defense against complex and synergistic threats, with civilian infrastructures like smart cities and Connected Autonomous Vehicles (CAVs) emerging as primary targets. As dual-use assets, CAVs are vulnerable to Multi-Surface Threats (MSTs),...
BACFuzz: Exposing the Silence on Broken Access Control Vulnerabilities in Web Applications
Broken Access Control (BAC) remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored in automated testing due to key challenges: the lack of...
Optimizing Canaries for Privacy Auditing with Metagradient Descent
In this work we study black-box privacy auditing, where the goal is to lower bound the privacy parameter of a differentially private learning algorithm using only the algorithm's outputs (i.e., final trained model). For DP-SGD the most successful method for training differentially private deep...
Attacking Interpretable NLP Systems
Studies have shown that machine learning systems are vulnerable to adversarial examples in theory and practice. Where previous attacks have focused mainly on visual models that exploit the difference between human and machine perception, text-based models have also fallen victim to these attacks...
Breaking the Illusion of Security Via Interpretation: Interpretable Vision Transformer Systems under Attack
Vision transformer (ViT) models, when coupled with interpretation models, are regarded as secure and challenging to deceive, making them well-suited for security-critical domains such as medical applications, autonomous vehicles, drones, and robotics. However, successful attacks on these systems ca...
PT-2026-45416
Name of the Vulnerable Software and Affected Versions: GPAC Project/MP4Box versions prior to 26.02.0. Description: A NULL pointer dereference exists in the gf ac4 pres b 4 back channels present function within the /media tools/av parsers.c file. This issue allows an attacker to cause a Denial of...