5468 matches found
CVE-2010-4764
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation...
When Safety Detectors Aren't Enough: A Stealthy and Effective Jailbreak Attack on LLMs via Steganographic Techniques
Jailbreak attacks pose a serious threat to large language models (LLMs) by bypassing built-in safety mechanisms and leading to harmful outputs. Studying these attacks is crucial for identifying vulnerabilities and improving model security. This paper presents a systematic survey of jailbreak method...
Interpretable Anomaly Detection in Encrypted Traffic Using SHAP with Machine Learning Models
The widespread adoption of encrypted communication protocols such as HTTPS and TLS has enhanced data privacy but also rendered traditional anomaly detection techniques less effective, as they often rely on inspecting unencrypted payloads. This study aims to develop an interpretable machine...
CVE-2006-5912
Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords...
CVE-1999-0429
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference...
ibm-semeru: IBM Semeru Runtime denial of service
A flaw was found in IBM Semeru Runtime. This vulnerability allows a denial of service via a crafted AES/CBC encrypted input...
Pura: An Efficient Privacy-Preserving Solution for Face Recognition
Face recognition is an effective technology for identifying a target person by facial images. However, sensitive facial images raise privacy concerns. Although privacy-preserving face recognition is one of the potential solutions, this solution neither fully addresses the privacy concerns nor is...
Fedora 41 : perl-Mojolicious (2025-c38fd06bec)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c38fd06bec advisory. Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by...
SUSE CVE-2025-48188
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fillbuffer in data/encrypted-file.c to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read...
PT-2025-22117 · Salesforce · Omnis Studio
Name of the Vulnerable Software and Affected Versions: Salesforce OmniStudio versions prior to Spring 2025. Description: The issue is related to an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio DataMapper, which allows the exposure of encrypted data. Recommendations:...
OpenPGP.js's message signature verification can be spoofed
Impact: A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...
GHSA-8QFF-QR5Q-5PR8 OpenPGP.js's message signature verification can be spoofed
Impact: A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...
CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Starting in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
CVE-2025-47934
OpenPGP.js CVE-2025-47934 affects versions prior to 5.11.3 and 6.1.1, where a maliciously modified message can cause openpgp.verify or openpgp.decrypt to return a valid signature verification while the data may not have been signed. This affects inline-signed messages and signed-and-encrypted mes...
Update NetScaler Console certificate
NetScaler Console allows you to replace the default inbuilt database certificates with your own certificates from a trusted certificate authority. You can also configure your own cipher suites in the NetScaler Console database. This feature provides greater flexibility and security for your...
Privacy-Preserving AI for Encrypted Medical Imaging: A Framework for Secure Diagnosis and Learning
The rapid integration of Artificial Intelligence (AI) into medical diagnostics has raised pressing concerns about patient privacy, especially when sensitive imaging data must be transferred, stored, or processed. In this paper, we propose a novel framework for privacy-preserving diagnostic inferenc...
PT-2025-23069 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.9; Fortinet FortiPortal versions 7.2.0 through 7.2.5; Fortinet FortiPortal version 7.4.0. Description: The issue allows an authenticated attacker with at least read-only admin permissions to view...
Private LoRA Fine-Tuning of Open-Source LLMs with Homomorphic Encryption
Preserving data confidentiality during the fine-tuning of open-source Large Language Models (LLMs) is crucial for sensitive applications. This work introduces an interactive protocol adapting the Low-Rank Adaptation (LoRA) technique for private fine-tuning. Homomorphic Encryption (HE) protects the...
ARTEC EMA Mail Security Vulnerability
ARTEC EMA Mail is an enterprise-class encrypted mail system from ARTEC. A security vulnerability exists in ARTEC EMA Mail version 6.92 that stems from vulnerability to cross-site request forgery attacks...