1225 matches found
A Hybrid Approach for Malware Classification Using Secondary Features Fusion
The number of malware either variant or novel is rapidly increasing, making malware detection and mitigation a complex problem. One approach to improving malware mitigation is automatic detection and malware family classification. However, traditional malware detection methods cannot classify...
Pre-Characterization of Electromagnetic Side-Channel Leakage Using Publicly Available Information: A Case Study on E-Voting Interfaces
In this work, we study the interface of the Brazilian e-Voting Machine BVM in the context of electromagnetic side-channel threats commonly referred to as TEMPEST attacks. In a TEMPEST attack against video displays, an eavesdropper uses Software-Defined Radios SDRs to recover sensitive information...
EUVD-2026-31359
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
CVE-2026-8337
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
CVE-2026-8337
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
PT-2026-42565
Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description An Insecure Direct Object Reference IDOR exists in the surveys feature. This occurs when a site is configured with both public and private surveys. An unauthenticated attacker can vote in a...
Public Voting Records: A Record, or an Attack Surface?
This is a whitepaper discussing a formal methodology for auditing voter-file disclosure regimes against linkage attacks...
Trident: Improving Malware Detection with LLMs and Behavioral Features
Traditionally, machine learning methods for PE malware detection have relied on static features like byte histograms, string information, and PE header contents. One barrier to incorporating dynamic analysis features has been the semi-structured nature of sandbox behavior reports. We show that,...
CVE-2026-34065
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
CVE-2026-34068
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
CVE-2026-34065
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Impact The staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...
GHSA-PF4J-PF3W-95F9 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Impact The staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...
EUVD-2026-25062
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals...
GHSA-7C4J-2M43-2MGH nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
Impact An untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashing an election macro header hashes validators and reaches Validators::votingkeys, which calls validator.votingkey.uncompress.unwrap...