981 matches found
CVE-2025-59509
CVE-2025-59509 affects Windows Speech, with the issue described as insertion of sensitive information into data sent by Windows Speech. The impact is local disclosure of information to an authorized attacker. The Connected documents confirm Windows-related fixes and hotpatch updates, but do not p...
CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability
...
CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability
...
CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability
...
CVE-2025-59508
CVE-2025-59508 is reported in Windows Speech as a race-condition in concurrent execution on a shared resource, enabling local privilege escalation for an authorized attacker. The connected NCSC advisory lists Windows Speech CVE-2025-59508 with an impact of obtaining increased rights. Public detai...
CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability
...
Windows Speech Recognition Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Speech allows an authorized attacker to elevate privileges locally...
Windows Speech Recognition Information Disclosure Vulnerability
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally...
A Visual Perception-Based Tunable Framework and Evaluation Benchmark for H.265/HEVC ROI Encryption
ROI selective encryption, as an efficient privacy protection technique, encrypts only the key regions in the video, thereby ensuring security while minimizing the impact on coding efficiency. However, existing ROI-based video encryption methods suffer from insufficient flexibility and lack of a...
Smartphone User Fingerprinting on Wireless Traffic
Due to the openness of the wireless medium, smartphone users are susceptible to user privacy attacks, where user privacy information is inferred from encrypted Wi-Fi wireless traffic. Existing attacks are limited to recognizing mobile apps and their actions and cannot infer the smartphone user...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
Survision LPR Camera 访问控制错误漏洞
Survision LPR Camera is a license plate recognition camera from Survision France. An access control error vulnerability exists in Survision LPR Camera that stems from password protection not being enforced by default, which could lead to unauthorized access...
Would you sext ChatGPT? (Lock and Code S06E22)
This week on the Lock and Code podcast … In the final, cold winter months of the year, ChatGPT could be heating up. On October 14, OpenAI CEO Sam Altman said that the "restrictions" that his company previously placed on their flagship product, ChatGPT, would be removed, allowing, perhaps, for...
CVE-2025-43027
CVE-2025-43027 affects Genetec Security Center, with a critical issue in the ALPR Manager role that could allow an attacker to gain administrative access to the system. Public descriptions cite a base score of 9.8 (CVSS v3.1) and network, unauthenticated, no-user-interaction exploitability, causi...
PT-2025-44402
Name of the Vulnerable Software and Affected Versions Genetec Security Center affected versions not specified Description A critical severity issue has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Cent...
CyberNER: A Harmonized STIX Corpus for Cybersecurity Named Entity Recognition
Extracting structured intelligence via Named Entity Recognition NER is critical for cybersecurity, but the proliferation of datasets with incompatible annotation schemas hinders the development of comprehensive models. While combining these resources is desirable, we empirically demonstrate that...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...
Failures in Face Recognition
Interesting article on people with nonstandard faces and how facial recognition systems fail for them. Some of those living with facial differences tell WIRED they have undergone multiple surgeries and experienced stigma for their entire lives, which is now being echoed by the technology they are...
Congratulations to the top MSRC 2025 Q3 security researchers!
Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...