1314 matches found

Packet Storm News
added 2026/01/29 12:0 a.m., 4 views

Hardware-Triggered Backdoors

Machine learning models are routinely deployed on a wide range of computing hardware. Although such hardware is typically expected to produce identical results, differences in its design can lead to small numerical variations during inference. In this work, we show that these variations can be...

5.9 AI score
Exploits: 0
GithubExploit
added 2026/01/28 10:10 a.m., 148 views

SQLMAP-CTT-v2.0-33-Layer-Fractal-Resonance-SQL-Injection-Engine

SQLMAP-CTT-v2.0-33-Layer-Fractal-Resonance-SQL...

5.9 AI score
Exploits: 0
RedhatCVE
added 2026/01/27 7:33 p.m., 7 views

CVE-2025-22234

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations. Mitigation Mitigation for thi...

7.4 CVSS, 5.8 AI score, 0.00568 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2026/01/22 9:33 p.m., 16 views

Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvider

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

7.4 CVSS, 5.5 AI score, 0.00568 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2026/01/22 9:15 p.m., 2 views

CVE-2025-22234

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

5.3 CVSS, 0.00402 EPSS
Exploits: 0, References: 1
CVE
added 2026/01/22 9:2 p.m., 408 views

CVE-2025-22234

CVE-2025-22234 is associated with Spring Security’s timing-attack mitigation in DaoAuthenticationProvider. The described issue states that the fix applied in CVE-2025-22228 accidentally broke the mitigation, enabling an attacker to infer usernames or authentication behavior via response-time diff...

5.3 CVSS, 5.5 AI score, 0.00402 EPSS
Exploits: 0, References: 1
EUVD
added 2026/01/22 9:2 p.m., 4 views

EUVD-2026-3787

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

7.4 CVSS, 5.5 AI score, 0.00568 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/01/22 12:0 a.m., 6 views

PT-2026-3934

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows an attacker without read access to a property to infer information about its value by trying t...

5.3 CVSS, 5.5 AI score, 0.00386 EPSS
Exploits: 0, References: 2
CVE
added 2026/01/21 10:29 p.m., 12 views

CVE-2026-23996

CVE-2026-23996 concerns the FastAPI Api Key library. Version 1.1.0 is reported to expose a timing side-channel in verify_key(), where a random delay is applied only on verification failures. This enables an attacker to statistically distinguish valid from invalid API keys by measuring response la...

3.7 CVSS, 5.6 AI score, 0.00254 EPSS
Exploits: 0, References: 3, Affected Software: 1
Packet Storm News
added 2026/01/16 12:0 a.m., 5 views

LoRA As Oracle

Backdoored and privacy-leaking deep neural networks pose a serious threat to the deployment of machine learning systems in security-critical settings. Existing defenses for backdoor detection and membership inference typically require access to clean reference models, extensive retraining, or...

5.5 AI score
Exploits: 0
Tenable Nessus
added 2026/01/16 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001603 advisory. System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from...

5.6 CVSS, 7.2 AI score, 0.00611 EPSS
Exploits: 0, References: 28
Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004086 advisory. The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto...

5.3 CVSS, 6.7 AI score, 0.02605 EPSS
Exploits: 0, References: 8
vulnersOsv
added 2026/01/13 9:31 p.m., 2 views

acido (=0.15.0), adstoolbox (>=2025.12.2.2 <=2026.5.19) +207 more potentially affected by CVE-2026-21226 via azure-core (>=1.10.0 <=1.37.0)

azure-core PYPI version =1.10.0, =2025.12.2.2, =0.1.12, =0.1.31, =0.1.1, =0.0.2, =0.0.53, =0.1.0, =0.9.0, =0.2.100, =0.2.123, =1.0.0, =1.0.0, =0.1.0b1, =0.1.0b2 and more Source cves: CVE-2026-21226 Source advisory: OSV:GHSA-JM66-CG57-JJV5...

7.5 CVSS, 5.4 AI score, 0.00776 EPSS
Exploits: 0
RedhatCVE
added 2026/01/09 11:27 a.m., 7 views

CVE-2021-33649

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the inputshape, it will access data outside the bounds of inputshape, which is allocated from heap buffers...

7.5 CVSS, 6.9 AI score, 0.00767 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:21 a.m., 8 views

CVE-2021-41216

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

7.8 CVSS, 6.9 AI score, 0.00156 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:21 a.m., 11 views

CVE-2021-41218

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the splitcount argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

5.5 CVSS, 7 AI score, 0.00128 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:21 a.m., 4 views

CVE-2021-41215

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5 CVSS, 7.1 AI score, 0.00181 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:17 a.m., 5 views

CVE-2025-23335

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service...

7.5 CVSS, 6.3 AI score, 0.00461 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:15 a.m., 10 views

CVE-2022-23572

TensorFlow is an open source machine learning framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function; however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5 CVSS, 6.7 AI score, 0.00968 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 8:54 a.m., 5 views

CVE-2021-41214

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.8 CVSS, 6.8 AI score, 0.0021 EPSS
Exploits: 1, References: 1