Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review

SMS Phishing also known as 'smishing' is a growing deceptive social engineering SE attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages e.g., responding to or clicking URLs...

[SECURITY] Fedora 42 Update: rust-bytes-1.11.1-1.fc42

Types and traits for working with bytes...

[SECURITY] Fedora 43 Update: rust-bytes-1.11.1-1.fc43

Types and traits for working with bytes...

Belief in False Information: A Human-Centered Security Risk in Sociotechnical Systems

This paper provides a comprehensive literature review on the belief in false information, including misinformation, disinformation, and fake information. It addresses the increasing societal concern regarding false information, which is fueled by technological progress, especially advancements in...

EUVD-2021-1877

Malware in sbrugna...

CVE-2025-9397

CVE-2025-9397 affects givanz Vvveb up to 1.0.7.2. The flaw resides in /system/traits/media.php, where manipulating the files[] argument can cause unrestricted file uploads. This enables remote exploitation with publicly available exploits. A patch is advised; the code maintainer indicates a fix a...

CVE-2025-9397 givanz Vvveb media.php unrestricted upload

A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public...

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

CVE-2020-36438

An issue was discovered in the tinyfuture crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync traits...

CVE-2020-36460

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type...

GHSA-C2HM-MJXV-89R4 Multiple soundness issues in lexical

lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...

Multiple soundness issues in lexical

lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...

OSV-2023-346 UNKNOWN WRITE in void std::__1::allocator_traits<std::__1::allocator<wabt::interp::HandlerDesc> >

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58344 Crash type: UNKNOWN WRITE Crash state: void std::1::allocatortraits void std::1::vectorwabt::interp::HandlerDesc, std::1::allocatorwabt::inter std::1::vectorwabt::interp::HandlerDesc, std::1::allocatorwabt::interp::Ha...

PT-2023-35798 · Git +1 · Wabt

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported with an unknown write issue. The crash involves the std:: 1::allocator traits and std:: 1::vector functions, specifically with...

(Pseudo) Random Number Generator can be gamed, allowing a user to target desirable NFT traits

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The iteratePRNG function in the Utils.sol library is used in Tray.sol:drawing, which is used to determine the tile data that a user gets when they purchase an NFT in Tray.sol:buy. An attacker can exploi...

The users can't add traits for their CidNFT's

Lines of code Vulnerability details Proof of Concept The CidNFT contract implements the add function for the users to add traits/subprotocol Id's to their CidNFT's. During calling add function, it validates whether the user is the owner of the provided CiDNFT and the user is approved by the owner...

PT-2022-22662 · Node.Js +6 · Node.Js +6

Name of the Vulnerable Software and Affected Versions: Node.js version 18 Description: A weak randomness issue exists in the WebCrypto keygen due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/crypto keygen.cc. There are two main problems: 1. The return value of...

OSV-2022-514 Heap-use-after-free in AK::HashTable<AK::StringView, AK::Traits<AK::StringView>, false>::try_lookup_for

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48405 Crash type: Heap-use-after-free READ 2 Crash state: AK::HashTable, false::trylookupfor JS::Parser::isprivateidentifiervalid JS::Parser::parseprimaryexpression...

`array!` macro is unsound in presence of traits that implement methods it calls internally

Affected versions of this crate called some methods using auto-ref. The affected code looked like this. rust let mut arr = $crate::core::mem::MaybeUninit::uninit; let mut vec = $crate::ArrayVec::::newarr.asmutptr as mut T; In this case, the problem is that asmutptr is a method of &mut MaybeUninit...

CVE-2021-42196

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traitsparse located in abc.c. It allows an attacker to cause Denial of Service...