71 matches found
PyTorch 安全漏洞
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from an inconsistency between the bernoullip decomposition function and the CPU implementation, no details of the vulnerability are provided at this time...
Linux Distros Unpatched Vulnerability : CVE-2020-27824
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenJPEG's encoder in the opjdwtcalcexplicitstepsizes function. This flaw allows an attacker who can supply crafted input to decomposition...
Log2Sig: Frequency-Aware Insider Threat Detection Via Multivariate Behavioral Signal Decomposition
Insider threat detection presents a significant challenge due to the deceptive nature of malicious behaviors, which often resemble legitimate user operations. However, existing approaches typically model system logs as flat event sequences, thereby failing to capture the inherent frequency dynami...
Enhanced Deep Learning DeepFake Detection Integrating Handcrafted Features
The rapid advancement of deepfake and face swap technologies has raised significant concerns in digital security, particularly in identity verification and onboarding processes. Conventional detection methods often struggle to generalize against sophisticated facial manipulations. This study...
Joint Resource Optimization over Licensed and Unlicensed Spectrum in Spectrum Sharing UAV Networks against Jamming Attacks
Unmanned aerial vehicle UAV communication is of crucial importance in realizing heterogeneous practical wireless application scenarios. However, the densely populated users and diverse services with high data rate demands has triggered an increasing scarcity of UAV spectrum utilization. To tackle...
SVAgent: AI Agent for Hardware Security Verification Assertion
Verification using SystemVerilog assertions SVA is one of the most popular methods for detecting circuit design vulnerabilities. However, with the globalization of integrated circuit design and the continuous upgrading of security requirements, the SVA development model has exposed major...
HyDRA: a Hybrid Dual-Mode Network for Closed- and Open-Set RFFI with Optimized VMD
Device recognition is vital for security in wireless communication systems, particularly for applications like access control. Radio Frequency Fingerprint Identification RFFI offers a non-cryptographic solution by exploiting hardware-induced signal distortions. This paper proposes HyDRA, a Hybrid...
WaFusion: a Wavelet-Enhanced Diffusion Framework for Face Morph Generation
Biometric face morphing poses a critical challenge to identity verification systems, undermining their security and robustness. To address this issue, we propose WaFusion, a novel framework combining wavelet decomposition and diffusion models to generate high-quality, realistic morphed face image...
Differentially Private Federated Low Rank Adaptation beyond Fixed-Matrix
Large language models LLMs typically require fine-tuning for domain-specific tasks, and LoRA offers a computationally efficient approach by training low-rank adapters. LoRA is also communication-efficient for federated LLMs when multiple users collaboratively fine-tune a global LLM model without...
Privacy-Preserving LLM Interaction with Socratic Chain-Of-Thought Reasoning and Homomorphically Encrypted Vector Databases
Large language models LLMs are increasingly used as personal agents, accessing sensitive user data such as calendars, emails, and medical records. Users currently face a trade-off: They can send private records, many of which are stored in remote databases, to powerful but untrusted LLM providers...
COALESCE: Economic and Security Dynamics of Skill-Based Task Outsourcing among Team of Autonomous LLM Agents
The meteoric rise and proliferation of autonomous Large Language Model LLM agents promise significant capabilities across various domains. However, their deployment is increasingly constrained by substantial computational demands, specifically for Graphics Processing Unit GPU resources. This pape...
CVE-2023-44378
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...
CRAKEN: Cybersecurity LLM Agent with Knowledge-Based Execution
Large Language Model LLM agents can automate cybersecurity tasks and can adapt to the evolving cybersecurity landscape without re-engineering. While LLM agents have demonstrated cybersecurity capabilities on Capture-The-Flag CTF competitions, they have two key limitations: accessing latest...
Verifiably Forgotten? Gradient Differences Still Enable Data Reconstruction in Federated Unlearning
Federated Unlearning FU has emerged as a critical compliance mechanism for data privacy regulations, requiring unlearned clients to provide verifiable Proof of Federated Unlearning PoFU to auditors upon data removal requests. However, we uncover a significant privacy vulnerability: when gradient...
OpenVM allows the byte decomposition of pc in AUIPC chip to overflow
The fix to https://cantina.xyz/code/c486d600-bed0-4fc6-aed1-de759fd29fa2/findings/21 has a typo that still results in the highest limb of pc being range checked to 8-bits instead of 6-bits. In the AIR, we do...
CVE-2025-46723
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in...
CVE-2025-46723
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in...
CVE-2025-46723 OpenVM byte decomposition of pc in AUIPC chip can overflow
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in...
CVE-2025-46723 OpenVM byte decomposition of pc in AUIPC chip can overflow
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in...
CVE-2025-46723
OpenVM (version 1.0.0) contains a vulnerability in the AUIPC chip path where pc limb decomposition overflows due to a off-by-one typo in the 8-bit vs 6-bit check. The root cause is a mis-specified enumeration in the pc_limbs loop, causing pc_limbs[3] to be checked with 8-bit bounds instead of 6-b...