3097 matches found
CVE-2026-14535
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
EUVD-2026-41676
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
CVE-2026-56149
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...
CVE-2026-56149 Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...
EUVD-2026-41072
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...
CVE-2026-56149
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...
CVE-2026-56149
CVE-2026-56149 affects Elasticsearch and stems from Allocation of Resources Without Limits or Throttling (CWE-770), enabling a denial of service via Excessive memory allocation when a user with privileges to manage trained models submits a crafted machine learning request. Affected versions inclu...
PT-2026-54864
Name of the Vulnerable Software and Affected Versions Elasticsearch affected versions not specified Description An issue exists where the allocation of resources lacks limits or throttling. A user with elevated privileges can submit a specially crafted machine learning request that triggers...
CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
CVE-2026-6330
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The constant-time comparison effectively ignored part of the re-encrypted ciphertext, so a decapsulating par...
PT-2026-52603
Name of the Vulnerable Software and Affected Versions ML-KEM affected versions not specified Description An issue exists in the ARM64 NEON ciphertext comparison where only half of the input is compared. This failure breaks the implicit rejection of the Fujisaki-Okamoto transform—a method used to...
SQL-Injection-Detection-System
SQL Injection Detection System A comprehensive full-stack web...
Evaluating and Combating the Impact of Concept Drift on the Performance of Machine Learning-Based Phishing Detection Systems
The expansion of the digital domain has resulted in a substantial increase in digital communication, with email emerging as one of the most prominent channels. The proliferation of email communication is apparent in both professional and personal contexts, thereby creating numerous vulnerabilitie...
Hiding the Trees in the Forest: Building Network Covert Channels with Hash-Based Covert Carrier Filtering
As an effective anti-censorship mechanism, network covert channels can provide data privacy protection and ensure communication security. However, the covertness of existing network covert channels primarily depends on the secrecy of their covert algorithms. With the increasing depth of research ...
The Chronicles of Radio Frequency Fingerprinting
Radio Frequency Fingerprinting RFF has evolved from an early idea for radar emitter identification into a broad research field for wireless device identification and spectrum monitoring for security. Rather than presenting a conventional literature survey, this work provides a critical historical...
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the...
The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals
Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...
FDM: A Framework for Decision-Making to Build ML-Based Malware Detection Systems
Selecting appropriate machine learning ML configurations for malware detection is a complex, multi-criteria problem. Model choice, feature engineering, and update mechanisms must jointly satisfy operational constraints that vary across deployment contexts. This paper proposes the Framework for...
CVE-2026-11033
CVE-2026-11033 affects Google Chrome on macOS due to an uninitialized use in WebML. The issue allows a remote attacker to potentially read sensitive data from process memory via a crafted HTML page. Affected software is Chrome on Mac, with the vulnerability described as occurring before Chrome ve...
TinyML-Driven Cybersecurity for Autonomous Spacecraft: Latency-Accuracy Analysis for SPARTA RF and Cyber Threat Detection
Autonomous spacecraft require rapid, lightweight, and reliable onboard detection of cyber-RF threats. Using the SPARTA attack model, we analyze the latency-accuracy trade-offs of TinyML-compatible classical models -- Random Forest, Logistic Regression, SVM, and MLP -- for detecting uplink jamming...