CVE-2025-14972

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

ParamStriker

ParamStriker Offline JSON & Query Parameter Exploit Frame...

CVE-2026-44546 Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

Protecting On-Device AI Inference: A Systematic Review of Attacks and Defence Mechanisms

The need for secure and private Artificial Intelligence AI and Machine Learning ML on edge and mobile devices has increased the necessity of protecting the architecture of these systems from threats to both security and privacy. With an ever-increasing number of pre-trained AI models being used o...

freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks

An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. An attacker may be able to leverage this weakness to leak global data...

On Reliability of Efficient Membership Inference Vulnerability Evaluation

Membership inference attacks MIAs are popular methods for empirically assessing the leakage of sensitive information in the training data through models or statistics learned from the data. The MIA vulnerability is often evaluated through false positive rate FPR and true positive rate TPR of a...

freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0

A division by zero flaw has been discovered in FreeRDP. This division by zero exists in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign. The...

Auditing Apple'S DifferentialPrivacy.Framework: Implementation Bugs, Misconfigurations, and Practical Risks

Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy DP. Apple's DifferentialPrivacy.framework is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes...

ContraFix: Agentic Vulnerability Repair Via Differential Runtime Evidence and Skill Reuse

Large language model LLM agents are increasingly used for automated vulnerability repair AVR, where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that these agents still struggle with real-world vulnerabilities...

CVE-2025-14972 Insufficient DPA countermeasure reseeding

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

EUVD-2025-209883

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

CVE-2025-14972

CVE-2025-14972 affects the SYMCRYPTO engine on SixG301xxx devices, where DPA countermeasures are not sufficiently random, leading to eventual repetition. The vulnerability could impact KSU keys using SYMCRYPTO. The CVSS in the provided data indicates physical attack vector with high complexity an...

CVE-2025-14972

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

Silicon Simplicity SDK 安全特征问题漏洞

The Silicon Simplicity SDK is an embedded software development platform provided by Silicon Corporation in the United States. It is used to build IoT products based on our 2-series and upcoming 3-series wireless and MCU devices. The Silicon Simplicity SDK has a security feature vulnerability, whi...

PT-2026-41300

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

PickleFuzzer: A Case Study in Fuzzing for Discrepancies between Python Pickle Implementations

Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. While developers sometimes mitigate this risk by restricting imports during...

freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks

An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. An attacker may be able to leverage this weakness to leak global data...

freerdp: FreeRDP: Denial of Service via crafted audio data in RDP

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker can exploit a sizet underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a...

Strategic Commitments Shape Collective Cybersecurity under AI Inequality

The growing integration of AI into cybersecurity is reshaping the balance between attackers and defenders. When access to advanced AI-enabled defence tools is uneven, resource-limited defenders may be unable to adopt effective protection, creating persistent system vulnerabilities. We study the...