Aggregator

A vulnerability, which was classified as critical, was found in NVIDIA GeForce, RTX PRO, RTX, Quadro, Tesla and Guest driver on Windows. Affected is an unknown function in the library nvlddmkm.sys of the component Kernel Mode Layer. The manipulation results in integer overflow. This vulnerability is cataloged as CVE-2025-33218. The attack must be initiated from a local position. There is no exploit available.

A vulnerability was found in NVIDIA GeForce, RTX PRO, RTX, Quadro and Tesla on Windows. It has been declared as critical. This vulnerability affects unknown code. Executing a manipulation can lead to use after free. This vulnerability appears as CVE-2025-33217. The attack requires local access. There is no available exploit.

A vulnerability was found in NVIDIA GeForce, RTX PRO, RTX, Quadro, Tesla and Virtual GPU Manager. It has been rated as critical. This issue affects some unknown processing of the component Virtual GPU Manager. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-33220. An attack has to be approached locally. There is no exploit available.

A vulnerability identified as problematic has been detected in HasThemes WC Builder Plugin up to 1.0.18 on WordPress. This affects an unknown part. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2024-29926. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in wpweb WooCommerce Social Login Plugin up to 2.6.3 on WordPress. It has been rated as problematic. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-37502. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in WPWeb WooCommerce PDF Vouchers Plugin up to 4.9.4 on WordPress. This vulnerability affects unknown code. Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2024-39651. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in WPWeb Docket Plugin up to 1.6.x on WordPress. The affected element is an unknown function. The manipulation leads to incorrect authorization. This vulnerability is listed as CVE-2024-43131. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability identified as problematic has been detected in WebberZone Better Search Plugin up to 3.3.0 on WordPress. This affects an unknown function of the component Search Result Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2024-29142. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as problematic has been reported in HasThemes Extensions for CF7 Plugin up to 3.0.6 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2024-29102. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in HasThemes HT Easy GA4 Plugin up to 1.1.7 on WordPress and classified as problematic. This vulnerability affects unknown code. Performing a manipulation results in cross site scripting. This vulnerability is reported as CVE-2024-29094. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability has been found in HasTheme WishSuite Plugin up to 1.3.7 on WordPress and classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2024-29927. The attack can be initiated remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in WPWeb Elite WooCommerce PDF Vouchers Plugin up to 4.9.4 on WordPress. This affects an unknown part. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2024-39652. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in WPWeb Social Auto Poster Plugin up to 5.3.15 on WordPress. The impacted element is an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2024-47369. The attack can be launched remotely. No exploit exists.

Session 10C: Privacy Preservation

Authors, Creators & Presenters: Eduardo Chielle (New York University Abu Dhabi), Michail Maniatakos (New York University Abu Dhabi)

PAPER
Recurrent Private Set Intersection for Unbalanced Databases with Cuckoo Hashing and Leveled FHE

A Private Set Intersection (PSI) protocol is a cryptographic method allowing two parties, each with a private set, to determine the intersection of their sets without revealing any information about their entries except for the intersection itself. While extensive research has focused on PSI protocols, most studies have centered on scenarios where two parties possess sets of similar sizes, assuming a semi-honest threat model. However, when the sizes of the parties' sets differ significantly, a generalized solution tends to underperform compared to a specialized one, as recent research has demonstrated. Additionally, conventional PSI protocols are typically designed for a single execution, requiring the entire protocol to be re-executed for each set intersection. This approach is suboptimal for applications such as URL denylisting and email filtering, which may involve multiple set intersections of small sets against a large set (e.g., one for each email received). In this study, we propose a novel PSI protocol optimized for the recurrent setting where parties have unbalanced set sizes. We implement our protocol using Levelled Fully Homomorphic Encryption and Cuckoo hashing, and introduce several optimizations to ensure real-time performance. By utilizing the Microsoft SEAL library, we demonstrate that our protocol can perform private set intersections in 20 ms and 240 ms on 10 Gbps and 100 Mbps networks, respectively. Compared to existing solutions, our protocol offers significant improvements, reducing set intersection times by one order of magnitude on slower networks and by two orders of magnitude on faster networks.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Recurrent Private Set Intersection For Unbalanced Databases With Cuckoo Hashing appeared first on Security Boulevard.

A survey of 506 cybersecurity leaders and practitioners working for organizations with more than 500 employees, published today, finds that while 80% report security and DevOps teams are using shared observability tools, less than half (45%) say the two teams are very aligned on tooling and workflows compared to 43% that said these teams are..

The post Survey Surfaces Lots of Room for DevSecOps Improvement appeared first on Security Boulevard.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2026-24858 (CVSS score of 9.4), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet started rolling out patches for […]

5 min readManaging digital identities for both human and non-human users is a central challenge for modern organizations. As companies adopt more SaaS platforms, microservices, and multi-cloud environments, they face two major identity challenges: Each login represents a potential vulnerability and productivity loss. According to 1Password, one in three employees (34%) reuse passwords at work, even when […]

The post SSO vs. Federated Identity Management: A Guide appeared first on Aembit.

The post SSO vs. Federated Identity Management: A Guide appeared first on Security Boulevard.

A vulnerability labeled as critical has been found in CloverHackyColor CloverBootloader. The impacted element is an unknown function of the file MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma. The manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2026-24795. The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Froxlor Server Management Panel 0.10.16. This issue affects some unknown processing. Such manipulation of the argument username/name/firstname leads to cross site scripting. This vulnerability is traded as CVE-2020-36978. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in vLLM up to 0.14.0. This vulnerability affects the function MediaConnector. Performing a manipulation results in server-side request forgery. This vulnerability is reported as CVE-2026-24779. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.