686 matches found
Per-Element Secure Aggregation against Data Reconstruction Attacks in Federated Learning
Federated learning FL enables collaborative model training without sharing raw data, but individual model updates may still leak sensitive information. Secure aggregation SecAgg mitigates this risk by allowing the server to access only the sum of client updates, thereby concealing individual...
From Split to Share: Private Inference with Distributed Feature Sharing
Cloud-based Machine Learning as a Service MLaaS raises serious privacy concerns when handling sensitive client data. Existing Private Inference PI methods face a fundamental trade-off between privacy and efficiency: cryptographic approaches offer strong protection but incur high computational...
Linux Distros Unpatched Vulnerability : CVE-2023-52611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host maxreqsize in the RX path Lukas reports skboverpanic error...
Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication
Intelligent Transportation Systems ITS fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption HE offers a promising solution by enabling computation on...
MongoDB 6.0.x < 6.0.21 / 7.0.x < 7.0.17 / 8.0.x < 8.0.4 Unexpected Behavior (SERVER-106746)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.21, 7.0 prior to 7.0.17 and 8.0 prior to 8.0.4. It is, therefore, affected by a vulnerability as referenced in the SERVER-106746 advisory. - An authenticated user may trigger a use after free that may result in MongoDB Server...
MongoDB 6.0.x < 6.0.22 / 7.0.x < 7.0.20 / 8.0.x < 8.0.7 Privilege Escalation (SERVER-106752)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.22, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.7. It is, therefore, affected by a vulnerability as referenced in the SERVER-106752 advisory. - An unauthorized user may leverage a specially crafted aggregation pipeline to access...
CVE-2025-38477 net/sched: sch_qfq: Fix race condition on qfq_aggregate
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...
DP2Guard: a Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT
Privacy-Preserving Federated Learning PPFL has emerged as a secure distributed Machine Learning ML paradigm that aggregates locally trained gradients without exposing raw data. To defend against model poisoning threats, several robustness-enhanced PPFL schemes have been proposed by integrating...
Adaptive Network Security Policies Via Belief Aggregation and Rollout
Evolving security vulnerabilities and shifting operational conditions require frequent updates to network security policies. These updates include adjustments to incident response procedures and modifications to access controls, among others. Reinforcement learning methods have been proposed for...
A Privacy-Preserving Framework for Advertising Personalization Incorporating Federated Learning and Differential Privacy
To mitigate privacy leakage and performance issues in personalized advertising, this paper proposes a framework that integrates federated learning and differential privacy. The system combines distributed feature extraction, dynamic privacy budget allocation, and robust model aggregation to balan...
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error in the aggregation process. An attacker can cause data corruption, unauthorized data modification, or application crashes by submitting specially crafted input that leads to the number of aggregate terms exceedi...
Differentially Private Federated Low Rank Adaptation beyond Fixed-Matrix
Large language models LLMs typically require fine-tuning for domain-specific tasks, and LoRA offers a computationally efficient approach by training low-rank adapters. LoRA is also communication-efficient for federated LLMs when multiple users collaboratively fine-tune a global LLM model without...
PT-2025-31074
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition can occur when agg is modified while other threads access it concurrently, potentially leading to a NULL dereference or a use-after-free. The issue arises from concurren...
AdeptHEQ-FL: Adaptive Homomorphic Encryption for Federated Learning of Hybrid Classical-Quantum Models with Dynamic Layer Sparing
Federated Learning FL faces inherent challenges in balancing model performance, privacy preservation, and communication efficiency, especially in non-IID decentralized environments. Recent approaches either sacrifice formal privacy guarantees, incur high overheads, or overlook quantum-enhanced...
MongoDB Server Authorization Issues Vulnerability (CNVD-2025-15515)
MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server versions prior to 8.0.7,...
CVE-2025-6713
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...
UBUNTU-CVE-2025-6713
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...
CVE-2025-6713 MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...
CVE-2025-6713
CVE-2025-6713 affects MongoDB Server: versions before 8.0.7 (8.0.x), 7.0 before 7.0.19, and 6.0 before 6.0.22 are vulnerable due to improper handling of the $mergeCursors stage in aggregation pipelines. An unauthorized user can potentially access data without proper authorization through crafted ...
MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage
[email protected] reports: An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation...