19 matches found
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
Summary: Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...
Anamorphic Encryption with CCA Security: A Standard Model Construction
Anamorphic encryption serves as a vital tool for covert communication, maintaining secrecy even during post-compromise scenarios. Particularly in the receiver-anamorphic setting, a user can shield hidden messages even when coerced into surrendering their secret keys. However, a major bottleneck i...
Quantum-Resistant Networks Using Post-Quantum Cryptography
Quantum networks rely on both quantum and classical channels for coordinated operation. Current architectures employ entanglement distribution and key exchange over quantum channels but often assume that classical communication is sufficiently secure. In practice, classical channels protected by...
EUVD-2019-11406
Malware in sbrugna...
EUVD-2022-7730
Malicious code in bioql PyPI...
CVE-2025-53903
CVE-2025-53903 affects The Scratch Channel’s web application, with a cross-site scripting (XSS) vulnerability stemming from unsanitized input in /api/users.js. The issue is addressed by commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb. Public documents describe the vulnerability and fix; exploitat...
Secure Quantum Key Distribution against Correlated Leakage Source
Quantum key distribution (QKD) provides information-theoretic security based on quantum mechanics; however, its practical deployment is challenged by imperfections of source devices. Among various source loopholes, correlations between transmitted pulses pose a significant yet underexplored securit...
CVE-2018-13878
An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned using the @ symbol in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every...
CVE-2025-23178
CWE-923: Improper Restriction of Communication Channel to Intended Endpoints...
CVE-2025-32945
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...
CVE-2024-50489
Authentication Bypass Using an Alternate Path or Channel vulnerability in realtyworkstation Realty Workstation realty-workstation allows Authentication Bypass. This issue affects Realty Workstation: from n/a through = 1.0.45...
CVE-2024-54005
A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The PDMS/E3D...
Mattermost Unauthorized Access Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an unauthorized access vulnerability that stems from failing to properly authorize access to an archive channel when viewing the archive channel is disabled. An attacker could...
CVE-2023-43754
Mattermost contains a vulnerability where permalink previews do not verify the setting that controls viewing archived channels. The root cause is a missing check during permalink preview generation, allowing members to see previews for archived channels even when the setting to view archived chan...
MGASA-2022-0447 Updated freerdp packages fix security vulnerability
In affected versions there is an out-of-bounds read in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and trying to decode it, likely resulting in a crash. (CVE-2022-39316) Affected versions of FreeRDP are missing a range check for input...
MGASA-2021-0571 Updated olm packages fix security vulnerability
Updated olm packages fix security vulnerability: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of t...
VMware Carbon Black Named to the 2021 CRN Security 100 List
We are proud to announce that CRN®, a brand of The Channel Company, has named VMware Carbon Black to its annual Security 100 list. The Security 100 list features leading IT channel security vendors and is compiled by a panel of CRN editors, recognizing channel-focused security vendors across five...
CVE-2016-8732
Multiple security flaws exist in InvProtectDrv.sys, which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invinc...
Microsoft's official Youtube channel hacked
It appears that someone has hacked into Microsoft's account on Youtube and removed all videos. As can be seen in the picture, there are currently no videos at all anymore (see the red arrow in the screenshot) and the comment about the website is not "Wis...