56 matches found
EUVD-2026-42317
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
CVE-2026-42505
Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...
PT-2026-56479
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Handshakes using Encrypted Client Hello ECH, a mechanism designed to encrypt the initial handshake of a TLS connection to protect client privacy, could be...
EUVD-2020-18842
Malware in sbrugna...
EUVD-2022-1975
Malicious code in bioql PyPI...
EUVD-2025-13505
Malicious code in bioql PyPI...
Benchmarking Fraud Detectors on Private Graph Data
We introduce the novel problem of benchmarking fraud detectors on private graph-structured data. Currently, many types of fraud are managed in part by automated detection algorithms that operate over graphs. We consider the scenario where a data holder wishes to outsource development of fraud...
CVE-2021-32750
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...
CVE-2025-46340
Misskey CSS style injection vulnerability (CVE-2025-46340) affects 12.0.0 up to 2025.4.0 due to inadequate validation in UrlPreviewService and MkUrlPreview, enabling arbitrary CSS in MkUrlPreview and potential de-anonymization/related client attacks. UrlPreviewService.wrap avoids non-http/https U...
PT-2025-19769 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.0.0 through 2025.4.0 Description: The issue arises from an oversight in validation performed in UrlPreviewService and MkUrlPreview, allowing an attacker to inject arbitrary CSS into the MkUrlPreview component. This can lea...
GHSA-69M9-RPRC-2X7G Moodle reveals student identities through assignment submissions search on anonymous submissions
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
Moodle reveals student identities through assignment submissions search on anonymous submissions
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
CVE-2025-3628
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
CVE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
CVE-2025-3628
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
PT-2025-17910
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. Recommendations At the moment, there is no information about a...
Moodle 信息泄露漏洞
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that anonymous assignment submissions can...
CVE-2020-26230
Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID TEKs to the Radar COVID server is possible. This vulnerability enables the identification and...
CVE-2023-36325
i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...
Tor anonymity compromised by law enforcement. Is it still safe to use?
Despite people generally considering the Tor network as an essential tool for anonymous browsing, german law enforcement agencies have managed to de-anonymize Tor users after putting surveillance on Tor servers for months. Before we go into the what the agencies did, let's take a look at some...