CodeGuard: a Generalized and Stealthy Backdoor Watermarking for Generative Code Models
Generative code models (GCMs) significantly enhance development efficiency through automated code generation and code summarization. However, building and training these models require computational resources and time, necessitating effective digital copyright protection to prevent unauthorized lea...
Diffusion-Based Task-Oriented Semantic Communications with Model Inversion Attack
Semantic communication has emerged as a promising neural network-based system design for 6G networks. Task-oriented semantic communication is a novel paradigm whose core goal is to efficiently complete specific tasks by transmitting semantic information, optimizing communication efficiency and ta...
PT-2025-26726
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140; Firefox ESR versions prior to 128.12. Description: The issue arises from incorrect URL parsing when handling an embed tag, potentially rewriting the URL to a specific domain, such as youtube.com, and bypassing...
O2Former:Direction-Aware and Multi-Scale Query Enhancement for SAR Ship Instance Segmentation
Instance segmentation of ships in synthetic aperture radar (SAR) imagery is critical for applications such as maritime monitoring, environmental analysis, and national security. SAR ship images present challenges including scale variation, object density, and fuzzy target boundaries, which are often...
HE-LRM: Encrypted Deep Learning Recommendation Models Using Fully Homomorphic Encryption
Fully Homomorphic Encryption (FHE) is an encryption scheme that not only encrypts data but also allows for computations to be applied directly on the encrypted data. While computationally expensive, FHE can enable privacy-preserving neural inference in the client-server setting: a client encrypts...
LLM Embedding-Based Attribution (LEA): Quantifying Source Contributions to Generative Model's Response for Vulnerability Analysis
Security vulnerabilities are rapidly increasing in frequency and complexity, creating a shifting threat landscape that challenges cybersecurity defenses. Large Language Models (LLMs) have been widely adopted for cybersecurity threat analysis. When querying LLMs, dealing with new, unseen...
Private Training and Data Generation by Clustering Embeddings
Deep neural networks often use large, high-quality datasets to achieve high performance on many machine learning tasks. When training involves potentially sensitive data, this process can raise privacy concerns, as large models have been shown to unintentionally memorize and reveal sensitive...
KGMark: a Diffusion Watermark for Knowledge Graphs
Knowledge graphs (KGs) are ubiquitous in numerous real-world applications, and watermarking facilitates protecting intellectual property and preventing potential harm from AI-generated content. Existing watermarking methods mainly focus on static plain text or image data, while they can hardly be...
Improper Restriction Of Rendered UI Layers Or Frames
@haxtheweb/haxcms-nodejs is vulnerable to Improper Restriction of Rendered UI Layers or Frames. The vulnerability is due to a lack of validation or sanitization of user-supplied URLs in iframe website blocks; through malicious iframe embedding, attackers can embed attacker-controlled sites and...
Learning Obfuscations of LLM Embedding Sequences: Stained Glass Transform
The high cost of ownership of AI compute infrastructure and the challenges of robustly serving large language models (LLMs) have led to a surge in managed Model-as-a-Service deployments. Even when enterprises choose on-premises deployments, the compute infrastructure is typically shared across many tea...
SecEmb: Sparsity-Aware Secure Federated Learning of On-Device Recommender System with Large Embedding
Federated recommender system (FedRec) has emerged as a solution to protect user data through collaborative training techniques. A typical FedRec involves transmitting the full model and entire weight updates between edge devices and the server, causing significant burdens to devices with limited...
When Better Features Mean Greater Risks: the Performance-Privacy Trade-Off in Contrastive Learning
With the rapid advancement of deep learning technology, pre-trained encoder models have demonstrated exceptional feature extraction capabilities, playing a pivotal role in the research and application of deep learning. However, their widespread use has raised significant concerns about the risk o...
CVE-2025-31136
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in f.php when SVG favicons are downloaded from an attacker-controlled feed containing tags...
UBUNTU-CVE-2024-54028
An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
Catdoc input validation error vulnerability
Catdoc is a program by an individual developer, Pete Warden of the United States, that reads MS-Word files and prints them readably. A security vulnerability exists in Catdoc version 0.95, stemming from an integer underflow in the OLE document file allocation table parser, which could lead to he...
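Both catdoc entries above describe the same defect class: a DIFAT parser that trusts the FAT-sector count, the DIFAT sector count and the sector numbers it reads from an OLE2 header. The following is an added example written for this page, not catdoc's code, showing the checks such a parser needs before it uses any of those values. It assumes the standard compound-file layout (512-byte header, 109 DIFAT slots in the header, sector N at byte offset (N + 1) * sector size) and constructs its own sample files inline; the helper names, the `num_fat - 109` expression used to illustrate the underflow, and the sample headers are all assumptions for the illustration, since the advisories do not quote catdoc's exact code path.

```python
"""Bounds-checked DIFAT walk for an OLE2 compound file (added example, not catdoc's code)."""
import struct

MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF
HEADER_DIFAT_ENTRIES = 109      # DIFAT slots inside the 512-byte header

class MalformedOle(ValueError):
    """Raised for any header or chain value that cannot be trusted."""

def _u32(data, offset):
    return struct.unpack_from("<I", data, offset)[0]

def _check_sector(sector, max_sector, what):
    # Marker values (0xFFFFFFF8..0xFFFFFFFF) fail here too, deliberately: a marker is never a real sector.
    if sector > max_sector:
        raise MalformedOle(f"{what} {sector:#x} lies beyond the last sector {max_sector}")
    return sector

def read_fat_sector_list(data):
    """Return the FAT sector numbers from the header DIFAT plus the DIFAT chain."""
    if len(data) < 512 or data[:8] != MAGIC:
        raise MalformedOle("not an OLE2 compound file")
    sector_shift = struct.unpack_from("<H", data, 0x1E)[0]
    if sector_shift not in (9, 12):
        raise MalformedOle(f"unsupported sector shift {sector_shift}")
    sector_size = 1 << sector_shift
    num_fat, first_difat, num_difat = _u32(data, 0x2C), _u32(data, 0x44), _u32(data, 0x48)
    # Sector N starts at byte (N + 1) * sector_size; this is the largest N that fits in the file.
    max_sector = len(data) // sector_size - 2
    fat = []
    for i in range(HEADER_DIFAT_ENTRIES):
        entry = _u32(data, 0x4C + 4 * i)
        if entry == FREESECT:
            break
        fat.append(_check_sector(entry, max_sector, "FAT sector"))
    # Compare rather than compute `num_fat - 109`: in unsigned C arithmetic that wraps to a huge
    # value when the header claims fewer FAT sectors than it holds, and a loop sized from it corrupts the heap.
    if num_fat <= HEADER_DIFAT_ENTRIES:
        if num_difat != 0 or first_difat != ENDOFCHAIN or len(fat) != num_fat:
            raise MalformedOle("FAT count disagrees with the header's DIFAT fields")
        return fat
    if num_difat > max_sector + 1:          # the chain cannot hold more sectors than the file
        raise MalformedOle(f"implausible DIFAT sector count {num_difat}")
    per_sector = sector_size // 4 - 1       # last slot of each DIFAT sector links to the next one
    seen, sector = set(), first_difat
    for _ in range(num_difat):
        if sector == ENDOFCHAIN:
            raise MalformedOle("DIFAT chain ends before the declared sector count")
        if _check_sector(sector, max_sector, "DIFAT sector") in seen:
            raise MalformedOle(f"DIFAT chain loops back to sector {sector}")
        seen.add(sector)
        base = (sector + 1) * sector_size
        for i in range(per_sector):
            entry = _u32(data, base + 4 * i)
            if entry == FREESECT:
                break
            fat.append(_check_sector(entry, max_sector, "FAT sector"))
        sector = _u32(data, base + 4 * per_sector)
    if sector != ENDOFCHAIN or len(fat) != num_fat:
        raise MalformedOle("DIFAT chain length disagrees with the header counts")
    return fat

def rejects(data):
    """True when the parser refuses the file instead of misreading it."""
    try:
        read_fat_sector_list(data)
    except MalformedOle:
        return True
    return False

def build_sample(num_fat, header_entries, first_difat, num_difat, sectors):
    """Assemble a constructed compound file (not a real document) with 512-byte sectors."""
    hdr = bytearray(512)
    hdr[:8] = MAGIC
    struct.pack_into("<HH", hdr, 0x1E, 9, 6)                    # sector shift, mini-sector shift
    struct.pack_into("<I", hdr, 0x2C, num_fat)
    struct.pack_into("<II", hdr, 0x44, first_difat, num_difat)
    for i in range(HEADER_DIFAT_ENTRIES):
        struct.pack_into("<I", hdr, 0x4C + 4 * i, header_entries[i] if i < len(header_entries) else FREESECT)
    body = bytearray(512 * (max(sectors, default=-1) + 1))
    for idx, payload in sectors.items():
        body[idx * 512:(idx + 1) * 512] = payload
    return bytes(hdr + body)

def difat_sector(fat_entries, next_difat):
    sec = bytearray(struct.pack("<I", FREESECT) * 128)
    struct.pack_into(f"<{len(fat_entries)}I", sec, 0, *fat_entries)
    struct.pack_into("<I", sec, 508, next_difat)
    return bytes(sec)

GOOD_SMALL = build_sample(1, [0], ENDOFCHAIN, 0, {0: bytes(512)})
GOOD_WITH_DIFAT = build_sample(110, list(range(109)), 109, 1,
                               {109: difat_sector([110], ENDOFCHAIN), 110: bytes(512)})
# Two FAT sectors plus a DIFAT chain starting far past EOF: bait for a `num_fat - 109` underflow.
UNDERFLOW_BAIT = build_sample(2, [0, 1], 0x7FFFFFFF, 1, {1: bytes(512)})
# DIFAT sector 109 names itself as its own successor.
LOOPING_DIFAT = build_sample(110, list(range(109)), 109, 2,
                             {109: difat_sector([110], 109), 110: bytes(512)})
```

Every quantity that sizes a loop, an allocation or a read is compared against what the file can physically hold before it is used, and the three header fields that must agree with each other are cross-checked rather than trusted individually. The constructed GOOD_WITH_DIFAT file yields FAT sectors 0 to 108 and 110 (109 is the DIFAT sector itself); UNDERFLOW_BAIT and LOOPING_DIFAT are refused with MalformedOle instead of driving an out-of-bounds walk.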
SafeGenes: Evaluating the Adversarial Robustness of Genomic Foundation Models
Genomic Foundation Models (GFMs), such as Evolutionary Scale Modeling (ESM), have demonstrated significant success in variant effect prediction. However, their adversarial robustness remains largely unexplored. To address this gap, we propose SafeGenes: a framework for Secure analysis of genomic...
Synopsis: Secure and Private Trend Inference from Encrypted Semantic Embeddings
WhatsApp and many other commonly used communication platforms guarantee end-to-end encryption (E2EE), which requires that service providers lack the cryptographic keys to read communications on their own platforms. WhatsApp's privacy-preserving design makes it difficult to study important phenomena...
M3S-UPD: Efficient Multi-Stage Self-Supervised Learning for Fine-Grained Encrypted Traffic Classification with Unknown Pattern Discovery
The growing complexity of encrypted network traffic presents dual challenges for modern network management: accurate multiclass classification of known applications and reliable detection of unknown traffic patterns. Although deep learning models show promise in controlled environments, their...
CVE-2024-45291
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in the HTML writer with $writer->setEmbedImages(true);, those files will be included in th...
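The haxcms-nodejs iframe entry and this PhpSpreadsheet entry are both cases of a user-controlled reference (a URL to frame, a path to embed) reaching the renderer unchecked. The block below is an added example written for this page, not code from either project, showing the two checks a practitioner would put in front of such a renderer: an https-plus-host allowlist for iframe sources, and confinement of linked-image paths to a base directory. The allowlist hosts, the base directory and the sample references are constructed; POSIX path semantics and a non-root base directory are assumed.

```python
"""Validation of user-supplied embed references (added example, not project code)."""
import posixpath
from urllib.parse import urlsplit, urlunsplit

# Hosts an operator has chosen to allow inside iframe blocks (constructed allowlist).
IFRAME_HOST_ALLOWLIST = frozenset({"player.example", "maps.example"})


def safe_iframe_src(url, allowlist=IFRAME_HOST_ALLOWLIST):
    """Return a normalized https URL whose host is allowlisted, else None.

    Refuses javascript:, data: and http: schemes, scheme-relative URLs,
    embedded credentials and any host not on the list, so a page author
    cannot frame a site of their own choosing.
    """
    try:
        parts = urlsplit(url.strip())
        port = parts.port                      # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or parts.username or parts.password:
        return None
    host = (parts.hostname or "").lower()
    if host not in allowlist:
        return None
    netloc = host if port in (None, 443) else f"{host}:{port}"
    return urlunsplit(("https", netloc, parts.path or "/", parts.query, parts.fragment))


def safe_image_path(base_dir, ref):
    """Resolve a linked-image reference to a file strictly under base_dir, else None.

    A spreadsheet can name any path for a linked image, and a writer that embeds
    image bytes into its HTML turns an unchecked reference into an arbitrary file
    read. Absolute paths, URL schemes, backslashes, NUL bytes and anything that
    normalizes to base_dir itself or outside it are refused.
    """
    if not ref or "\x00" in ref or "\\" in ref or urlsplit(ref).scheme:
        return None
    if posixpath.isabs(ref):
        return None
    root = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(root, ref))
    if candidate == root or not candidate.startswith(root + "/"):
        return None
    return candidate
```

Normalization happens before the prefix test, so `charts/../../secret.png` is rejected even though it starts inside the base directory textually. The path check is purely lexical; a writer that opens the file should additionally resolve symlinks (os.path.realpath) on the candidate and repeat the prefix test, since a symlink under the base directory can still point outside it.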
CVE-2024-6181
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file=WEB-CORE/elements/files/filesembedded.jsp=32. The manipulation of the argument height/width leads to cross-site scripting. The...