Lucene search
K

686 matches found

Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.3 views

Per-Element Secure Aggregation against Data Reconstruction Attacks in Federated Learning

Federated learning FL enables collaborative model training without sharing raw data, but individual model updates may still leak sensitive information. Secure aggregation SecAgg mitigates this risk by allowing the server to access only the sum of client updates, thereby concealing individual...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.2 views

From Split to Share: Private Inference with Distributed Feature Sharing

Cloud-based Machine Learning as a Service MLaaS raises serious privacy concerns when handling sensitive client data. Existing Private Inference PI methods face a fundamental trade-off between privacy and efficiency: cryptographic approaches offer strong protection but incur high computational...

6.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-52611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host maxreqsize in the RX path Lukas reports skboverpanic error...

5.5CVSS5.9AI score0.00224EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.3 views

Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication

Intelligent Transportation Systems ITS fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption HE offers a promising solution by enabling computation on...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/30 12:0 a.m.6 views

MongoDB 6.0.x < 6.0.21 / 7.0.x < 7.0.17 / 8.0.x < 8.0.4 Unexpected Behavior (SERVER-106746)

The version of MongoDB installed on the remote host is 6.0 prior to 6.0.21, 7.0 prior to 7.0.17 and 8.0 prior to 8.0.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-106746 advisory. - An authenticated user may trigger a use after free that may result in MongoDB Server...

8.8CVSS5.9AI score0.00214EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/29 12:0 a.m.13 views

MongoDB 6.0.x < 6.0.22 / 7.0.x < 7.0.20 / 8.0.x < 8.0.7 Privilege Escalation (SERVER-106752)

The version of MongoDB installed on the remote host is 6.0 prior to 6.0.22, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.7. It is, therefore, affected by a vulnerability as referenced in the SERVER-106752 advisory. - An unauthorized user may leverage a specially crafted aggregation pipeline to access...

7.7CVSS5.9AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 2025/07/28 11:21 a.m.3 views

CVE-2025-38477 net/sched: sch_qfq: Fix race condition on qfq_aggregate

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...

4.7CVSS6AI score0.00115EPSS
Exploits0References13
Packet Storm News
Packet Storm News
added 2025/07/21 12:0 a.m.3 views

DP2Guard: a Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT

Privacy-Preserving Federated Learning PPFL has emerged as a secure distributed Machine Learning ML paradigm that aggregates locally trained gradients without exposing raw data. To defend against model poisoning threats, several robustness-enhanced PPFL schemes have been proposed by integrating...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/20 12:0 a.m.22 views

Adaptive Network Security Policies Via Belief Aggregation and Rollout

Evolving security vulnerabilities and shifting operational conditions require frequent updates to network security policies. These updates include adjustments to incident response procedures and modifications to access controls, among others. Reinforcement learning methods have been proposed for...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/17 12:0 a.m.3 views

A Privacy-Preserving Framework for Advertising Personalization Incorporating Federated Learning and Differential Privacy

To mitigate privacy leakage and performance issues in personalized advertising, this paper proposes a framework that integrates federated learning and differential privacy. The system combines distributed feature extraction, dynamic privacy budget allocation, and robust model aggregation to balan...

7AI score
Exploits0
Snyk
Snyk
added 2025/07/15 1:44 p.m.3 views

Numeric Truncation Error

Overview Affected versions of this package are vulnerable to Numeric Truncation Error in the aggregation process. An attacker can cause data corruption, unauthorized data modification, or application crashes by submitting specially crafted input that leads to the number of aggregate terms exceedi...

9.8CVSS6.7AI score0.73495EPSS
Exploits3References2
Packet Storm News
Packet Storm News
added 2025/07/14 12:0 a.m.4 views

Differentially Private Federated Low Rank Adaptation beyond Fixed-Matrix

Large language models LLMs typically require fine-tuning for domain-specific tasks, and LoRA offers a computationally efficient approach by training low-rank adapters. LoRA is also communication-efficient for federated LLMs when multiple users collaboratively fine-tune a global LLM model without...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.10 views

PT-2025-31074

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition can occur when agg is modified while other threads access it concurrently, potentially leading to a NULL dereference or a use-after-free. The issue arises from concurren...

6CVSS6.6AI score0.00115EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/09 12:0 a.m.7 views

AdeptHEQ-FL: Adaptive Homomorphic Encryption for Federated Learning of Hybrid Classical-Quantum Models with Dynamic Layer Sparing

Federated Learning FL faces inherent challenges in balancing model performance, privacy preservation, and communication efficiency, especially in non-IID decentralized environments. Recent approaches either sacrifice formal privacy guarantees, incur high overheads, or overlook quantum-enhanced...

6.8AI score
Exploits0
CNVD
CNVD
added 2025/07/08 12:0 a.m.6 views

MongoDB Server Authorization Issues Vulnerability (CNVD-2025-15515)

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server versions prior to 8.0.7,...

7.7CVSS7AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2025/07/07 3:15 p.m.2 views

CVE-2025-6713

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...

6.5CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2025/07/07 3:15 p.m.4 views

UBUNTU-CVE-2025-6713

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...

7.7CVSS5.8AI score0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/07 2:46 p.m.8 views

CVE-2025-6713 MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage

An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...

7.7CVSS0.00336EPSS
Exploits0References1
CVE
CVE
added 2025/07/07 2:46 p.m.83 views

CVE-2025-6713

CVE-2025-6713 affects MongoDB Server: versions before 8.0.7 (8.0.x), 7.0 before 7.0.19, and 6.0 before 6.0.22 are vulnerable due to improper handling of the $mergeCursors stage in aggregation pipelines. An unauthorized user can potentially access data without proper authorization through crafted ...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2025/07/07 12:0 a.m.6 views

MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage

[email protected] reports: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation...

7.7CVSS6.4AI score0.00336EPSS
Exploits0References1
Rows per page
Query Builder