48 matches found
CVE-2026-53675
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary user_id because the get_items_permissions_check meth...
EUVD-2020-31249
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
Noisy Networks, Nosy Neighbors: Simple Privacy Attacks against Residential Wireless Traffic
Smart devices, such as light bulbs, TVs, fridges, etc., equipped with computing capabilities and wireless communication, are part of everyday life in many households. Previous work has already shown that a passive eavesdropper can derive private information, household routines, etc., from the...
HAPI FHIR HTTP authentication leak in redirects
When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers ...
Aegis: Towards Governance, Integrity, and Security of AI Voice Agents
With the rapid advancement and adoption of Audio Large Language Models (ALLMs), voice agents are now being deployed in high-stakes domains such as banking, customer service, and IT support. However, their vulnerabilities to adversarial misuse still remain unexplored. While prior work has examined...
CVE-2026-22246
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships...
A Practical Framework for Evaluating Medical AI Security: Reproducible Assessment of Jailbreaking and Privacy Vulnerabilities across Clinical Specialties
Medical Large Language Models (LLMs) are increasingly deployed for clinical decision support across diverse specialties, yet systematic evaluation of their robustness to adversarial misuse and privacy leakage remains inaccessible to most researchers. Existing security benchmarks require GPU cluster...
DualTAP: A Dual-Task Adversarial Protector for Mobile MLLM Agents
The reliance of mobile GUI agents on Multimodal Large Language Models (MLLMs) introduces a severe privacy vulnerability: screenshots containing Personally Identifiable Information (PII) are often sent to untrusted, third-party routers. These routers can exploit their own MLLMs to mine this data,...
LoRA-Leak: Membership Inference Attacks against LoRA Fine-Tuned Language Models
Language Models (LMs) typically adhere to a "pre-training and fine-tuning" paradigm, where a universal pre-trained model can be fine-tuned to cater to various specialized domains. Low-Rank Adaptation (LoRA) has gained the most widespread use in LM fine-tuning due to its lightweight computational cost...
Balancing Privacy and Utility in Correlated Data: a Study of Bayesian Differential Privacy
Privacy risks in differentially private (DP) systems increase significantly when data is correlated, as standard DP metrics often underestimate the resulting privacy leakage, leaving sensitive information vulnerable. Given the ubiquity of dependencies in real-world databases, this oversight poses a...
Recalling the Forgotten Class Memberships: Unlearned Models Can Be Noisy Labelers to Leak Privacy
Machine Unlearning (MU) technology facilitates the removal of the influence of specific data instances from trained models on request. Despite rapid advancements in MU technology, its vulnerabilities are still underexplored, posing potential risks of privacy breaches through leaks of ostensibly...
Network Structures As an Attack Surface: Topology-Based Privacy Leakage in Federated Learning
Federated learning systems increasingly rely on diverse network topologies to address scalability and organizational constraints. While existing privacy research focuses on gradient-based attacks, the privacy implications of network topology knowledge remain critically understudied. We conduct th...
Leaky Thoughts: Large Reasoning Models Are Not Private Thinkers
We study privacy leakage in the reasoning traces of large reasoning models used as personal agents. Unlike final outputs, reasoning traces are often assumed to be internal and safe. We challenge this assumption by showing that reasoning traces frequently contain sensitive user data, which can be...
Black-Box Privacy Attacks on Shared Representations in Multitask Learning
Multitask learning (MTL) has emerged as a powerful paradigm that leverages similarities among multiple learning tasks, each with insufficient samples to train a standalone model, to solve them simultaneously while minimizing data sharing across users and organizations. MTL typically accomplishes th...
TimberStrike: Dataset Reconstruction Attack Revealing Privacy Leakage in Federated Tree-Based Systems
Federated Learning has emerged as a privacy-oriented alternative to centralized Machine Learning, enabling collaborative model training without direct data sharing. While extensively studied for neural networks, the security and privacy implications of tree-based models remain underexplored. This...
Doxing Via the Lens: Revealing Location-Related Privacy Leakage on Multi-Modal Large Reasoning Models
Recent advances in multi-modal large reasoning models (MLRMs) have shown significant ability to interpret complex visual content. While these models enable impressive reasoning capabilities, they also introduce novel and underexplored privacy risks. In this paper, we identify a novel category of...
When Better Features Mean Greater Risks: the Performance-Privacy Trade-Off in Contrastive Learning
With the rapid advancement of deep learning technology, pre-trained encoder models have demonstrated exceptional feature extraction capabilities, playing a pivotal role in the research and application of deep learning. However, their widespread use has raised significant concerns about the risk o...
Privacy Leaks by Adversaries: Adversarial Iterations for Membership Inference Attack
Membership inference attack (MIA) has become one of the most widely used and effective methods for evaluating the privacy risks of machine learning models. These attacks aim to determine whether a specific sample is part of the model's training set by analyzing the model's output. While traditional...
TrojanStego: Your Language Model Can Secretly Be a Steganographic Privacy Leaking Agent
As large language models (LLMs) become integrated into sensitive workflows, concerns grow over their potential to leak confidential information. We propose TrojanStego, a novel threat model in which an adversary fine-tunes an LLM to embed sensitive context information into natural-looking outputs v...
CVE-2021-22308
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage...