CVE-2025-6706 Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

Running certain aggregation operations with the SBE engine may lead to unexpected behavior on MongoDB Server

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific...

PT-2025-26971

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.21 MongoDB Server versions prior to 7.0.17 MongoDB Server versions prior to 8.0.4 Description: An authenticated user may trigger a use after free, resulting in a MongoDB Server crash and other unexpected...

MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior

[email protected] reports: An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework...

FreeBSD : MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior (5e64770c-52aa-11f0-b522-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5e64770c-52aa-11f0-b522-b42e991fc52e advisory. [email protected] reports: An authenticated user may trigger a use after free that may result in MongoDB...

RepuNet: a Reputation System for Mitigating Malicious Clients in DFL

Decentralized Federated Learning DFL enables nodes to collaboratively train models without a central server, introducing new vulnerabilities since each node independently selects peers for model aggregation. Malicious nodes may exploit this autonomy by sending corrupted models model poisoning,...

Privacy-Preserving Federated Learning against Malicious Clients Based on Verifiable Functional Encryption

Federated learning is a promising distributed learning paradigm that enables collaborative model training without exposing local client data, thereby protect data privacy. However, it also brings new threats and challenges. The advancement of model inversion attacks has rendered the plaintext...

EBS-CFL: Efficient and Byzantine-robust Secure Clustered Federated Learning

Despite federated learning FL's potential in collaborative learning, its performance has deteriorated due to the data heterogeneity of distributed users. Recently, clustered federated learning CFL has emerged to address this challenge by partitioning users into clusters according to their...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: bnxten: Fixed the receive ring space parameters when XDP is active. The MTU setting at the time a XDP multi-buffer is attached determines whether the aggregation ring will be used and the rxskbfunc handler. This is done in...

FicGCN: Unveiling the Homomorphic Encryption Efficiency from Irregular Graph Convolutional Networks

Graph Convolutional Neural Networks GCNs have gained widespread popularity in various fields like personal healthcare and financial systems, due to their remarkable performance. Despite the growing demand for cloud-based GCN services, privacy concerns over sensitive graph data remain significant...

Byzantine Outside, Curious Inside: Reconstructing Data through Malicious Updates

Federated learning FL enables decentralized machine learning without sharing raw data, allowing multiple clients to collaboratively learn a global model. However, studies reveal that privacy leakage is possible under commonly adopted FL protocols. In particular, a server with access to client...

cn.herodotus.engine:message-spring-boot-starter (>=2.7.3.4 <=3.0.0-M2), com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1) +179 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.13 (>=2.4.0 <=3.3.2)

org.apache.kafka:kafka2.13 MAVEN version =2.4.0, =2.7.3.4, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =1.0.0, =1.2.0 - com.cerner.c...

SecEmb: Sparsity-Aware Secure Federated Learning of On-Device Recommender System with Large Embedding

Federated recommender system FedRec has emerged as a solution to protect user data through collaborative training techniques. A typical FedRec involves transmitting the full model and entire weight updates between edge devices and the server, causing significant burdens to devices with limited...

Network Hexagons under Attack: Secure Crowdsourcing of Geo-Referenced Data

A critical requirement for modern-day Intelligent Transportation Systems ITS is the ability to collect geo-referenced data from connected vehicles and mobile devices in a safe, secure and anonymous way. The Nexagon protocol, which builds on the IETF Locator/ID Separation Protocol LISP and the...

Client-Side Zero-Shot LLM Inference for Comprehensive In-Browser URL Analysis

Malicious websites and phishing URLs pose an ever-increasing cybersecurity risk, with phishing attacks growing by 40% in a single year. Traditional detection approaches rely on machine learning classifiers or rule-based scanners operating in the cloud, but these face significant challenges in...

Clustering and Median Aggregation Improve Differentially Private Inference

Differentially private DP language model inference is an approach for generating private synthetic text. A sensitive input example is used to prompt an off-the-shelf large language model LLM to produce a similar example. Multiple examples can be aggregated together to formally satisfy the DP...

Secure and Private Federated Learning: Achieving Adversarial Resilience through Robust Aggregation

Federated Learning FL enables collaborative machine learning across decentralized data sources without sharing raw data. It offers a promising approach to privacy-preserving AI. However, FL remains vulnerable to adversarial threats from malicious participants, referred to as Byzantine clients, wh...

SHE-LoRA: Selective Homomorphic Encryption for Federated Tuning with Heterogeneous LoRA

Federated fine-tuning of large language models LLMs is critical for improving their performance in handling domain-specific tasks. However, prior work has shown that clients' private data can actually be recovered via gradient inversion attacks. Existing privacy preservation techniques against su...

VideoMarkBench: Benchmarking Robustness of Video Watermarking

The rapid development of video generative models has led to a surge in highly realistic synthetic videos, raising ethical concerns related to disinformation and copyright infringement. Recently, video watermarking has been proposed as a mitigation strategy by embedding invisible marks into...

Zero-Trust Foundation Models: a New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things

This paper focuses on Zero-Trust Foundation Models ZTFMs, a novel paradigm that embeds zero-trust security principles into the lifecycle of foundation models FMs for Internet of Things IoT systems. By integrating core tenets, such as continuous verification, least privilege access LPA, data...