CVE-2025-25014

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

BIT-KIBANA-2025-25014 Kibana arbitrary code execution via prototype pollution

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

BIT-ELK-2025-25014 Kibana arbitrary code execution via prototype pollution

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

Optimal Regret of Bernoulli Bandits under Global Differential Privacy

As sequential learning algorithms are increasingly applied to real life, ensuring data privacy while maintaining their utilities emerges as a timely question. In this context, regret minimisation in stochastic bandits under $ε$-global Differential Privacy DP has been widely studied. Unlike bandit...

Efficient Full-Stack Private Federated Deep Learning with Post-Quantum Security

Federated learning FL enables collaborative model training while preserving user data privacy by keeping data local. Despite these advantages, FL remains vulnerable to privacy attacks on user updates and model parameters during training and deployment. Secure aggregation protocols have been...

FedTDP: a Privacy-Preserving and Unified Framework for Trajectory Data Preparation Via Federated Learning

Trajectory data, which capture the movement patterns of people and vehicles over time and space, are crucial for applications like traffic optimization and urban planning. However, issues such as noise and incompleteness often compromise data quality, leading to inaccurate trajectory analyses and...

User Behavior Analysis in Privacy Protection with Large Language Models: a Study on Privacy Preferences with Limited Data

With the widespread application of large language models LLMs, user privacy protection has become a significant research topic. Existing privacy preference modeling methods often rely on large-scale user data, making effective privacy preference analysis challenging in data-limited environments...

Moodle Authorization Issues Vulnerability

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from an insufficient capability check, which can be...

Moodle Information Disclosure Vulnerability (CNVD-2025-10585)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive student...

Moodle Information Disclosure Vulnerability (CNVD-2025-10584)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from a security issue that can be exploited by an...

Moodle Code Injection Vulnerability (CNVD-2025-10583)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from a code injection vulnerability that stems from a security issue in the Moodle LMS Dropbox repository that...

Moodle Information Disclosure Vulnerability

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that anonymous assignment submissions can...

SAP Learning Solution Cross-Site Request Forgery Vulnerability

SAP Learning Solution is an enterprise-wide learning management system from SAP. SAP Learning Solution suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could explo...

Unspecified Vulnerability in Moodle

Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a security vulnerability that stems from the need for additional checks to ensure that users only have access to authorized grou...

Unspecified Vulnerability in Moodle

Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from a lack of a checking mechanism that can be exploited by an attacker to delete sections o...

Federated Learning for Cyber Physical Systems: a Comprehensive Survey

The integration of machine learning ML in cyber physical systems CPS is a complex task due to the challenges that arise in terms of real-time decision making, safety, reliability, device heterogeneity, and data privacy. There are also open research questions that must be addressed in order to ful...

Privacy Challenges in Image Processing Applications

As image processing systems proliferate, privacy concerns intensify given the sensitive personal information contained in images. This paper examines privacy challenges in image processing and surveys emerging privacy-preserving techniques including differential privacy, secure multiparty...

Large Language Models Are Autonomous Cyber Defenders

Fast and effective incident response is essential to prevent adversarial cyberattacks. Autonomous Cyber Defense ACD aims to automate incident response through Artificial Intelligence AI agents that plan and execute actions. Most ACD approaches focus on single-agent scenarios and leverage...

DMRL: Data- and Model-Aware Reward Learning for Data Extraction

Large language models LLMs are inherently vulnerable to unintended privacy breaches. Consequently, systematic red-teaming research is essential for developing robust defense mechanisms. However, current data extraction methods suffer from several limitations: 1 rely on dataset duplicates...

FedRE: Robust and Effective Federated Learning with Privacy Preference

Despite Federated Learning FL employing gradient aggregation at the server for distributed training to prevent the privacy leakage of raw data, private information can still be divulged through the analysis of uploaded gradients from clients. Substantial efforts have been made to integrate local...