Systematic Review of Lightweight Cryptographic Algorithms

The emergence of small computing devices and the integration of processing units into everyday objects has made lightweight cryptography an essential part of the security landscape. Conventional cryptographic algorithms such as AES, RSA, and DES are unsuitable for resource-constrained devices due...

Quantum Encryption Resilience Score (QERS) for MQTT, HTTP, and HTTPS under Post-Quantum Cryptography in Computer, IoT, and IIoT Systems

Post-quantum cryptography PQC introduces significant computational and communication overhead, which poses challenges for resource-constrained computer systems, Internet of Things IoT, and Industrial IoT IIoT devices. This paper presents an experimental evaluation of the Quantum Encryption...

EUVD-2025-11142

Malicious code in bioql PyPI...

EUVD-2022-36898

Malicious code in bioql PyPI...

A Comparative Analysis of Lightweight Hash Functions Using AVR ATXMega128 and ChipWhisperer

Lightweight hash functions have become important building blocks for security in embedded and IoT systems. A plethora of algorithms have been proposed and standardized, providing a wide range of performance trade-off options for developers to choose from. This paper presents a comparative analysi...

The vulnerability of the device management platform for systems related to heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, as well as the Niagara Enterprise Security tools for access control and security, stems from the ability to disclose information through a query string, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption, as well as the Niagara Framework and its access control and security measures, is related to the disclosure of information through query strings. Exploitin...

The vulnerability of the device management platform for systems involving heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, along with the Niagara Enterprise Security tools for access control and security, stems from insufficient calculation of password hashes. This allows attackers to gain access to the device.

The vulnerability of the device management platform for systems involving heating, ventilation, and air conditioning, lighting, and energy consumption, as well as the Niagara Framework and the access control and security measures, is related to insufficient calculation of password hashes...

LingoLoop Attack: Trapping MLLMs via Linguistic Context and State Entrapment into Endless Loops

Multimodal Large Language Models MLLMs have shown great promise but require substantial computational resources during inference. Attackers can exploit this by inducing excessive output, leading to resource exhaustion and service degradation. Prior energy-latency attacks aim to increase generatio...

Energy Consumption Framework and Analysis of Post-Quantum Key-Generation on Embedded Devices

The emergence of quantum computing and Shor's algorithm necessitates an imminent shift from current public key cryptography techniques to post-quantum robust techniques. NIST has responded by standardising Post-Quantum Cryptography PQC algorithms, with ML-KEM FIPS-203 slated to replace ECDH...

Sponge Attacks on Sensing AI: Energy-Latency Vulnerabilities and Defense Via Model Pruning

Recent studies have shown that sponge attacks can significantly increase the energy consumption and inference latency of deep neural networks DNNs. However, prior work has focused primarily on computer vision and natural language processing tasks, overlooking the growing use of lightweight AI...

Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14963)

Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query the total energy consumption information of any...

CVE-2025-31950

An unauthenticated attacker can obtain EV charger energy consumption information of other users...

CVE-2025-31147

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users...

CVE-2025-31950

An unauthenticated attacker can obtain EV charger energy consumption information of other users...

CVE-2025-31950

An unauthenticated attacker can obtain EV charger energy consumption information of other users...

CVE-2025-31147

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users...

CVE-2025-31147

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users...

CVE-2025-31147 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users...

CVE-2025-31147

The CVE-2025-31147 entry corresponds to an information-disclosure vulnerability in Growatt Cloud Applications (China), affecting versions up to 3.6.0 and earlier. An unauthenticated attacker can query the total energy consumption information of arbitrary users’ EV chargers, exposing sensitive usa...

CVE-2025-31950 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain EV charger energy consumption information of other users...