Lucene search
K

36 matches found

HackRead
HackRead
added 2026/03/04 10:28 p.m.8 views

Institutional DeFi: Building Secure Bridges Between Decentralized Protocols and Corporate Treasury

Institutional DeFi helps corporations improve treasury liquidity, speed cross-border settlements, and manage capital using secure permissioned blockchain protocols...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2022-6271

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01937EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.8 views

From Permissioned to Proof-of-Stake Consensus

This paper presents the first generic compiler that transforms any permissioned consensus protocol into a proof-of-stake permissionless consensus protocol. For each of the following properties, if the initial permissioned protocol satisfies that property in the partially synchronous setting, the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/09 11:0 a.m.10 views

Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise

You don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.4 views

Permissioned LLMs: Enforcing Access Control in Large Language Models

In enterprise settings, organizational data is segregated, siloed and carefully protected by elaborate access control frameworks. These access control structures can completely break down if an LLM fine-tuned on the siloed data serves requests, for downstream tasks, from individuals with disparat...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.3 views

Securing the Software Package Supply Chain for Critical Systems

Software systems have grown as an indispensable commodity used across various industries, and almost all essential services depend on them for effective operation. The software is no longer an independent or stand-alone piece of code written by a developer but rather a collection of packages...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:26 a.m.9 views

CVE-2024-49202

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...

7.6CVSS7.1AI score0.00283EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/23 12:0 a.m.6 views

SecurePay: Enabling Secure and Fast Payment Processing for Platform Economy

Recent years have witnessed a rapid development of platform economy, as it effectively addresses the trust dilemma between untrusted online buyers and merchants. However, malicious platforms can misuse users' funds and information, causing severe security concerns. Previous research efforts aimed...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/15 12:0 a.m.3 views

AC-LoRA: (Almost) Training-Free Access Control-Aware Multi-Modal LLMs

Corporate LLMs are gaining traction for efficient knowledge dissemination and management within organizations. However, as current LLMs are vulnerable to leaking sensitive information, it has proven difficult to apply them in settings where strict access control is necessary. To this end, we desi...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/01 12:0 a.m.4 views

Decentralized Vulnerability Disclosure Via Permissioned Blockchain: a Secure, Transparent Alternative to Centralized CVE Management

This paper proposes a decentralized, blockchain-based system for the publication of Common Vulnerabilities and Exposures CVEs, aiming to mitigate the limitations of the current centralized model primarily overseen by MITRE. The proposed architecture leverages a permissioned blockchain, wherein on...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/18 12:0 a.m.12 views

CVE-2024-49202

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...

7.3AI score0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/18 12:0 a.m.24 views

CVE-2024-49202

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...

0.00283EPSS
Exploits0References2
CVE
CVE
added 2024/12/18 12:0 a.m.52 views

CVE-2024-49202

Keyfactor Command prior to v12.5.0 contains an Incorrect Access Control issue where access tokens have over-permissioned rights (64099). Reported across multiple sources, the vulnerability affects versions before 12.5.0 and fixes are provided in the following releases: 11.5.1.1, 11.5.2.1, 11.5.3....

7.6CVSS7.2AI score0.00283EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/07/29 4:44 p.m.13 views

tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users

Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...

9.9CVSS8.2AI score0.0121EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2024/07/29 4:44 p.m.12 views

GHSA-C3H4-9GC2-F7H4 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users

Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...

8.4CVSS8.7AI score0.0121EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/29 3:0 p.m.18 views

CVE-2024-41799 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users

tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...

8.4CVSS7.9AI score0.0121EPSS
Exploits0References3
OSV
OSV
added 2024/07/18 7:22 p.m.12 views

BIT-HYPERLEDGER-FABRIC-TOOLS-2022-31121 Improper Input Validation in fabric hyperledger

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

7.5CVSS7.3AI score0.01937EPSS
Exploits0References5
OSV
OSV
added 2024/07/18 7:22 p.m.10 views

BIT-HYPERLEDGER-FABRIC-PEER-2022-31121 Improper Input Validation in fabric hyperledger

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

7.5CVSS7.3AI score0.01937EPSS
Exploits0References5
OSV
OSV
added 2024/07/18 7:21 p.m.13 views

BIT-HYPERLEDGER-FABRIC-ORDERER-2022-36023 Remote denial of service in Hyperledger Fabric Gateway

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...

7CVSS5.7AI score0.00912EPSS
Exploits0References6
OSV
OSV
added 2024/07/18 7:21 p.m.11 views

BIT-HYPERLEDGER-FABRIC-TOOLS-2022-36023 Remote denial of service in Hyperledger Fabric Gateway

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...

7CVSS5.7AI score0.00912EPSS
Exploits0References6
Rows per page
Query Builder