Privacy-Preserving Inconsistency Measurement

We investigate a new form of privacy-preserving inconsistency measurement for multi-party communication. Intuitively, for two knowledge bases KA, KB of two agents A, B, our results allow to quantitatively assess the degree of inconsistency for KA U KB without having to reveal the actual contents ...

Spa-VLM: Stealthy Poisoning Attacks on RAG-Based VLM

With the rapid development of the Vision-Language Model VLM, significant progress has been made in Visual Question Answering VQA tasks. However, existing VLM often generate inaccurate answers due to a lack of up-to-date knowledge. To address this issue, recent research has introduced...

DP-RTFL: Differentially Private Resilient Temporal Federated Learning for Trustworthy AI in Regulated Industries

Federated Learning FL has emerged as a critical paradigm for enabling privacy-preserving machine learning, particularly in regulated sectors such as finance and healthcare. However, standard FL strategies often encounter significant operational challenges related to fault tolerance, system...

TeleSparse: Practical Privacy-Preserving Verification of Deep Neural Networks

Verification of the integrity of deep learning inference is crucial for understanding whether a model is being applied correctly. However, such verification typically requires access to model weights and potentially sensitive or private training data. So-called Zero-knowledge Succinct...

Engineering Trustworthy Machine-Learning Operations with Zero-Knowledge Proofs

As Artificial Intelligence AI systems, particularly those based on machine learning ML, become integral to high-stakes applications, their probabilistic and opaque nature poses significant challenges to traditional verification and validation methods. These challenges are exacerbated in regulated...

CVE-2024-46326

Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function...

CVE-2024-6229

A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

CVE-2024-38533

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0...

CVE-2024-56137

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation RAG. Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerabili...

CVE-2024-45040

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...

CVE-2024-51677

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Knowledge Base knowledgebase allows Stored XSS.This issue affects Knowledge Base: from n/a through = 2.2.0...

CVE-2024-33588

Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1...

CVE-2024-33590

Server-Side Request Forgery SSRF vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1...

CVE-2024-20948

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Setup, Admin. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge...

CVE-2024-20943

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge...

CVE-2024-50965

Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script...

CVE-2024-33589

Missing Authorization vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.6.0...

CVE-2023-28958

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782...

CVE-2023-28955

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704...

CVE-2023-37890

Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge...