AI Security Research Should Better Incentivize Defense Research

This work examines an imbalance in artificial intelligence AI security research: the field tends to produce more work on attacking AI systems than on defending them. Drawing on related academic papers, we find biased attack-to-defense ratios across subfields, including federated learning, speech...

Astra Linux - уязвимость в chromium

The use of “after free” in Speech Recognition in Google Chrome prior to version 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVE-2025-33246

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,...

CVE-2025-59509

CVE-2025-59509 affects Windows Speech, with the issue described as insertion of sensitive information into data sent by Windows Speech. The impact is local disclosure of information to an authorized attacker. The Connected documents confirm Windows-related fixes and hotpatch updates, but do not p...

CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability

...

CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability

...

CVE-2025-59508

CVE-2025-59508 is reported in Windows Speech as a race-condition in concurrent execution on a shared resource, enabling local privilege escalation for an authorized attacker. The connected NCSC advisory lists Windows Speech CVE-2025-59508 with an impact of obtaining increased rights. Public detai...

CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability

...

CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability

...

Windows Speech Recognition Information Disclosure Vulnerability

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally...

Windows Speech Recognition Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Speech allows an authorized attacker to elevate privileges locally...

EUVD-2013-6466

Malware in sbrugna...

EUVD-2014-1806

Malware in sbrugna...

EUVD-2022-43222

Malicious code in bioql PyPI...

Decoding Deception: Understanding Automatic Speech Recognition Vulnerabilities in Evasion and Poisoning Attacks

Recent studies have demonstrated the vulnerability of Automatic Speech Recognition systems to adversarial examples, which can deceive these systems into misinterpreting input speech commands. While previous research has primarily focused on white-box attacks with constrained optimizations, and...

Remote Rowhammer Attack Using Adversarial Observations on Federated Learning Clients

Federated Learning FL has the potential for simultaneous global learning amongst a large number of parallel agents, enabling emerging AI such as LLMs to be trained across demographically diverse data. Central to this being efficient is the ability for FL to perform sparse gradient updates and...

The vulnerability of the Speech API’s software interface for speech recognition and synthesis on Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Speech API SAPI software interface for speech recognition and synthesis in Windows operating systems is related to a memory reclamation error. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Speech API’s software interface for speech recognition and synthesis on Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Speech API SAPI software interface for speech recognition and synthesis in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVE-2023-21342

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

Cross site scripting

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path...