357 matches found
CVE-2024-47853
CVE-2024-47853 affects Mahara versions 23.04.8 and 24.04.4. The issue enables privilege escalation in certain cases during login when using Learning Tools Interoperability (LTI). CVSS 3.1 indicates high impact across confidentiality, integrity, and availability with network attack vector and low ...
Quantum-safe security: Progress towards next-generation cryptography
Quantum computing promises transformative advancements, yet it also poses a very real risk to today’s cryptographic security. In the future, scalable quantum computing could break public-key cryptography methods currently in use and undermine digital signatures, resulting in compromised...
CVE-2025-54882
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...
CVE-2025-54781 Himmelblau leaks an Intune service access token in its logs
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...
Metaverse Security and Privacy Research: a Systematic Review
The rapid growth of metaverse technologies, including virtual worlds, augmented reality, and lifelogging, has accelerated their adoption across diverse domains. This rise exposes users to significant new security and privacy challenges due to sociotechnical complexity, pervasive connectivity, and...
WatchWitch: Interoperability, Privacy, and Autonomy for the Apple Watch
Smartwatches such as the Apple Watch collect vast amounts of intimate health and fitness data as we wear them. Users have little choice regarding how this data is processed: The Apple Watch can only be used with Apple's iPhones, using their software and their cloud services. We are the first to...
CVE-2025-6291
CVE-2025-6291 concerns the D-Link DIR-825 router (version 2.03) where the HTTP POST Request Handler’s function do_file allows a stack-based buffer overflow. Multiple sources (CNVD/CNNVD/NVD, CVE lists) describe a remote, unauthenticated or low-privilege path to exploit that can execute arbitrary ...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
[SECURITY] Fedora 41 Update: samba-4.21.6-1.fc41
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
[SECURITY] Fedora 42 Update: samba-4.22.2-1.fc42
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
Next Generation Authentication for Data Spaces: an Authentication Flow Based on Grant Negotiation and Authorization Protocol for Verifiable Presentations (GNAP4VP)
Identity verification in Data Spaces is a fundamental aspect of ensuring security and privacy in digital environments. This paper presents an identity verification protocol tailored for shared data environments within Data Spaces. This protocol extends the Grant Negotiation and Authorization...
CVE-2025-24800
Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...
CVE-2024-50589
An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR)...
CVE-2023-28113
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
CVE-2021-32966
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...
Agent Name Service (ANS): a Universal Directory for Secure AI Agent Discovery and Interoperability
The proliferation of AI agents requires robust mechanisms for secure discovery. This paper introduces the Agent Name Service (ANS), a novel architecture based on DNS addressing the lack of a public agent discovery framework. ANS provides a protocol-agnostic registry infrastructure that leverages...
Blockchain Technology: Core Mechanisms, Evolution, and Future Implementation Challenges
Blockchain technology has emerged as one of the most transformative digital innovations of the 21st century. This paper presents a comprehensive review of blockchain's fundamental architecture, tracing its development from Bitcoin's initial implementation to current enterprise applications. We...
Enhancing Blockchain Cross Chain Interoperability: a Comprehensive Survey
Blockchain technology, introduced in 2008, has revolutionized data storage and transfer across sectors such as finance, healthcare, intelligent transportation, and the metaverse. However, the proliferation of blockchain systems has led to discrepancies in architectures, consensus mechanisms, and...