43 matches found
GHSA-Q29P-9PFR-J652 libcrux-sha3: Incorrect output from SHAKE squeeze functions
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
Incorrect Output of Incremental Portable SHAKE API
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
Malicious code in desert-shake-new (npm)
The package desert-shake-new was found to contain malicious code...
MAL-2025-43974 Malicious code in desert-shake-new (npm)
The package desert-shake-new was found to contain malicious code...
Malicious code in simple-js-shake-256 (npm)
The package simple-js-shake-256 was found to contain malicious code...
MAL-2025-33272 Malicious code in simple-js-shake (npm)
The package simple-js-shake was found to contain malicious code...
MAL-2025-33273 Malicious code in simple-js-shake-128 (npm)
The package simple-js-shake-128 was found to contain malicious code...
Malicious code in simple-js-shake-128 (npm)
The package simple-js-shake-128 was found to contain malicious code...
Malicious code in simple-js-shake (npm)
The package simple-js-shake was found to contain malicious code...
MAL-2025-33274 Malicious code in simple-js-shake-256 (npm)
The package simple-js-shake-256 was found to contain malicious code...
ZK-SERIES: Privacy-Preserving Authentication Using Temporal Biometric Data
Biometric authentication relies on physiological or behavioral traits that are inherent to a user, making them difficult to lose, forge or forget. Biometric data with a temporal component enable the following authentication protocol: recent readings of the underlying biometrics are encoded as tim...
CVE-2023-32365
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication...
Energy-Efficient NTT Sampler for Kyber Benchmarked on FPGA
Kyber is a lattice-based key encapsulation mechanism selected for standardization by the NIST Post-Quantum Cryptography (PQC) project. A critical component of Kyber's key generation process is the sampling of matrix elements from a uniform distribution over the ring Rq. This step is one of the mos...
CVE-2024-23240
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication...
Authentication flaw
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.4, iPadOS version 17.4, which stems from a shake undo feature that...
PT-2024-19735 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.4; iPadOS versions prior to 17.4. Description: The issue allows a deleted photo to be re-surfaced without authentication through the shake-to-undo feature. This is due to inadequate checks that have been improved in the...
shake-hands.de Improper Access Control vulnerability OBB-3771396
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...