11221 matches found
CVE-2025-6853
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...
LangChain-Chatchat Path Traversal Vulnerability
LangChain-Chatchat is a Chatchat-Space open source chatbot software developed based on the LangChain framework. A path traversal vulnerability exists in LangChain-Chatchat 0.3.1 and earlier versions, which stems from path traversal due to incorrect manipulation of the parameter flag in the file...
CVE-2025-52884
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
Client Clustering Meets Knowledge Sharing: Enhancing Privacy and Robustness in Personalized Peer-To-Peer Learning
The growing adoption of Artificial Intelligence (AI) in Internet of Things (IoT) ecosystems has intensified the need for personalized learning methods that can operate efficiently and privately across heterogeneous, resource-constrained devices. However, enabling effective personalized learning in...
ZKPROV: a Zero-Knowledge Approach to Dataset Provenance for Large Language Models
As the deployment of large language models (LLMs) grows in sensitive domains, ensuring the integrity of their computational provenance becomes a critical challenge, particularly in regulated sectors such as healthcare, where strict requirements are applied in dataset usage. We introduce ZKPROV, a...
CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
Verifiable Unlearning on Edge
Machine learning providers commonly distribute global models to edge devices, which subsequently personalize these models using local data. However, issues such as copyright infringements, biases, or regulatory requirements may require the verifiable removal of certain data samples across all edg...
KnowML: Improving Generalization of ML-NIDS with Attack Knowledge Graphs
Despite extensive research on Machine Learning-based Network Intrusion Detection Systems (ML-NIDS), their capability to detect diverse attack variants remains uncertain. Prior studies have largely relied on homogeneous datasets, which artificially inflate performance scores and offer a false sense ...
ZK-SERIES: Privacy-Preserving Authentication Using Temporal Biometric Data
Biometric authentication relies on physiological or behavioral traits that are inherent to a user, making them difficult to lose, forge or forget. Biometric data with a temporal component enable the following authentication protocol: recent readings of the underlying biometrics are encoded as tim...
Yotta: a Large-Scale Trustless Data Trading Scheme for Blockchain System
Data trading is one of the key focuses of Web 3.0. However, all the current methods that rely on blockchain-based smart contracts for data exchange cannot support large-scale data trading while ensuring data security, which falls short of fulfilling the spirit of Web 3.0. Even worse, there is...
CVE-2025-52791
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base - Knowledge Base Maker knowledge-base-maker allows Stored XSS. This issue affects Knowledge Base - Knowledge Base Maker: from n/a through <= 1.1.8...
Network Structures As an Attack Surface: Topology-Based Privacy Leakage in Federated Learning
Federated learning systems increasingly rely on diverse network topologies to address scalability and organizational constraints. While existing privacy research focuses on gradient-based attacks, the privacy implications of network topology knowledge remain critically understudied. We conduct th...
Today's Cat Is Tomorrow's Dog: Accounting for Time-Based Changes in the Labels of ML Vulnerability Detection Approaches
Vulnerability datasets used for ML testing implicitly contain retrospective information. When tested on the field, one can only use the labels available at the time of training and testing e.g. seen and assumed negatives. As vulnerabilities are discovered across calendar time, labels change and...
LLM Embedding-Based Attribution (LEA): Quantifying Source Contributions to Generative Model's Response for Vulnerability Analysis
Security vulnerabilities are rapidly increasing in frequency and complexity, creating a shifting threat landscape that challenges cybersecurity defenses. Large Language Models (LLMs) have been widely adopted for cybersecurity threat analysis. When querying LLMs, dealing with new, unseen...
Fair Data Exchange with Constant-Time Proofs
The Fair Data Exchange (FDE) protocol introduced at CCS 2024 offers atomic pay-per-file transfers with constant-size proofs, but its prover and verifier runtimes still scale linearly with the file length n. We collapse these costs to essentially constant by viewing the file as a rate-1 Reed-Solomon...
On Immutable Memory Systems for Artificial Agents: a Blockchain-Indexed Automata-Theoretic Framework Using ECDH-Keyed Merkle Chains
This paper presents a formalized architecture for synthetic agents designed to retain immutable memory, verifiable reasoning, and constrained epistemic growth. Traditional AI systems rely on mutable, opaque statistical models prone to epistemic drift and historical revisionism. In contrast, we...
CVE-2025-52791
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker knowledge-base-maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through <= 1.1.8...
CVE-2025-52791 WordPress Knowledge Base – Knowledge Base Maker plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker knowledge-base-maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through <= 1.1.8...
CVE-2025-52791
CVE-2025-52791 concerns the WordPress plugin “Knowledge Base – Knowledge Base Maker” (versions