VulnCheck KEV: CVE-2023-48728

A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

Ai-Driven Vulnerability Analysis in Smart Contracts: Trends, Challenges and Future Directions

Smart contracts, integral to blockchain ecosystems, enable decentralized applications to execute predefined operations without intermediaries. Their ability to enforce trustless interactions has made them a core component of platforms such as Ethereum. Vulnerabilities such as numerical overflows,...

VulnCheck KEV: CVE-2024-52763

A cross-site scripting XSS vulnerability in the component /graphallperiods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...

Obfuscation-Resilient Binary Code Similarity Analysis Using Dominance Enhanced Semantic Graph

Binary code similarity analysis BCSA serves as a core technique for binary analysis tasks such as vulnerability detection. While current graph-based BCSA approaches capture substantial semantics and show strong performance, their performance suffers under code obfuscation due to the unstable...

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the ResourceGraphDefinition resources. An attacker can execute arbitrary code on cluster nodes by supplying attacker-controlled images. This is only exploitable if the user has...

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the ResourceGraphDefinition resources. An attacker can execute arbitrary code on cluster nodes by supplying attacker-controlled images. This is only exploitable if the user has...

Keyed Chaotic Dynamics for Privacy-Preserving Neural Inference

Neural network inference typically operates on raw input data, increasing the risk of exposure during preprocessing and inference. Moreover, neural architectures lack efficient built-in mechanisms for directly authenticating input data. This work introduces a novel encryption method for ensuring...

Heterogeneous Secure Transmissions in IRS-Assisted NOMA Communications: CO-GNN Approach

Intelligent Reflecting Surfaces IRS enhance spectral efficiency by adjusting reflection phase shifts, while Non-Orthogonal Multiple Access NOMA increases system capacity. Consequently, IRS-assisted NOMA communications have garnered significant research interest. However, the passive nature of the...

An Accurate and Efficient Vulnerability Propagation Analysis Framework

Identifying the impact scope and scale is critical for software supply chain vulnerability assessment. However, existing studies face substantial limitations. First, prior studies either work at coarse package-level granularity, producing many false positives, or fail to accomplish whole-ecosyste...

Amatriciana: Exploiting Temporal GNNs for Robust and Efficient Money Laundering Detection

Money laundering is a financial crime that poses a serious threat to financial integrity and social security. The growing number of transactions makes it necessary to use automatic tools that help law enforcement agencies detect such criminal activity. In this work, we present Amatriciana, a nove...

Unlearning Inversion Attacks for Graph Neural Networks

Graph unlearning methods aim to efficiently remove the impact of sensitive data from trained GNNs without full retraining, assuming that deleted information cannot be recovered. In this work, we challenge this assumption by introducing the graph unlearning inversion attack: given only black-box...

PackHero: a Scalable Graph-Based Approach for Efficient Packer Identification

Anti-analysis techniques, particularly packing, challenge malware analysts, making packer identification fundamental. Existing packer identifiers have significant limitations: signature-based methods lack flexibility and struggle against dynamic evasion, while Machine Learning approaches require...

The Cost of Restaking Vs. Proof-Of-Stake

We compare the efficiency of restaking and Proof-of-Stake PoS protocols in terms of stake requirements. First, we consider the sufficient condition for the restaking graph to be secure. We show that the condition implies that it is always possible to transform such a restaking graph into secure P...

Transaction Proximity: a Graph-Based Approach to Blockchain Fraud Prevention

This paper introduces a fraud-deterrent access validation system for public blockchains, leveraging two complementary concepts: "Transaction Proximity", which measures the distance between wallets in the transaction graph, and "Easily Attainable Identities EAIs", wallets with direct transaction...

Practical Bayes-Optimal Membership Inference Attacks

We develop practical and theoretically grounded membership inference attacks MIAs against both independent and identically distributed i.i.d. data and graph-structured data. Building on the Bayesian decision-theoretic framework of Sablayrolles et al., we derive the Bayes-optimal membership...

BSAGIoT: a Bayesian Security Aspect Graph for Internet of Things (IoT)

IoT is a dynamic network of interconnected things that communicate and exchange data, where security is a significant issue. Previous studies have mainly focused on attack classifications and open issues rather than presenting a comprehensive overview on the existing threats and vulnerabilities...

CVE-2024-52520

Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and...

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

CVE-2024-34152

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server...

CVE-2024-5615

The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraphdefaultdescription' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...