Aggregator

NDSS 2025 – Exploring User Perceptions Of Security Auditing In The Web3 Ecosystem

Security Boulevard
5 days 6 hours ago

SESSION Session 1C: Privacy & Usability 1

Authors, Creators & Presenters: Molly Zhuangtong Huang (University of Macau), Rui Jiang (University of Macau), Tanusree Sharma (Pennsylvania State University), Kanye Ye Wang (University of Macau)

PAPER Exploring User Perceptions of Security Auditing in the Web3 Ecosystem

In the rapidly evolving Web3 ecosystem, transparent auditing has emerged as a critical component for both applications and users. However, there is a significant gap in understanding how users perceive this new form of auditing and its implications for Web3 security. Utilizing a mixed-methods approach that incorporates a case study, user interviews, and social media data analysis, our study leverages a risk perception model to comprehensively explore Web3 users' perceptions regarding information accessibility, the role of auditing, and its influence on user behavior. Based on these extensive findings, we discuss how this open form of auditing is shaping the security of the Web3 ecosystem, identifying current challenges, and providing design implications.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – Exploring User Perceptions Of Security Auditing In The Web3 Ecosystem appeared first on Security Boulevard.

Marc Handelman

CVE-2025-10291 | linlinjava litemall up to 1.8.0 /wx/aftersale/cancel WxAftersaleController ID improper authorization (EUVD-2025-29026)

Vuldb Updates
5 days 6 hours ago
A vulnerability categorized as critical has been discovered in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. This vulnerability is handled as CVE-2025-10291. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2023-38831 | RARLabs WinRAR up to 6.22 ZIP Archive data authenticity (ID 174573)

Vuldb Updates
5 days 6 hours ago
A vulnerability has been found in RARLabs WinRAR up to 6.22 and classified as critical. This affects an unknown part of the component ZIP Archive Handler. This manipulation causes insufficient verification of data authenticity. This vulnerability is tracked as CVE-2023-38831. The attack is possible to be carried out remotely. Moreover, an exploit is present. The affected component should be upgraded.
vuldb.com

CVE-2025-10236 | binary-husky gpt_academic up to 3.91 LaTeX File latex_toolbox.py merge_tex_files_ \input{} path traversal (CNNVD-202509-1727)

Vuldb Updates
5 days 6 hours ago
A vulnerability was found in binary-husky gpt_academic up to 3.91. It has been declared as problematic. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input{} leads to path traversal. This vulnerability is traded as CVE-2025-10236. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2023-43208 | NextGen Healthcare Mirth Connect up to 4.4.0 on CVE os command injection

Vuldb Updates
5 days 6 hours ago
A vulnerability, which was classified as critical, was found in NextGen Healthcare Mirth Connect up to 4.4.0 on CVE. This affects an unknown part. The manipulation results in os command injection. This vulnerability is known as CVE-2023-43208. It is possible to launch the attack remotely. Furthermore, an exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2022-47966 | Zoho ManageEngine Access Manager Plus Apache xmlsec Remote Code Execution (Advisory 170882)

Vuldb Updates
5 days 6 hours ago
A vulnerability, which was classified as problematic, was found in Zoho ManageEngine Access Manager Plus, Active Directory 360, ADAudit Plus, ADManager Plus, ADSelfService Plus, Analytics Plus, Application Control Plus, Asset Explorer, Browser Security Plus, Device Control Plus, Endpoint Central, Endpoint Central MSP, Endpoint DLP, Key Manager Plus, OS Deployer, PAM 360, Password Manager Pro, Patch Manager Plus, Remote Access Plus, Remote Monitoring and Management, ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus and Vulnerability Manager Plus. Affected by this issue is some unknown functionality of the component Apache xmlsec. The manipulation results in Remote Code Execution. This vulnerability is cataloged as CVE-2022-47966. The attack may be launched remotely. Furthermore, there is an exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-11922 | Inactive Logout Plugin up to 3.5.5 on WordPress ina_redirect_page_individual_user cross site scripting (EUVD-2025-37405)

VulDB Recent Entries
5 days 6 hours ago
A vulnerability described as problematic has been identified in Inactive Logout Plugin up to 3.5.5 on WordPress. This issue affects some unknown processing. Such manipulation of the argument ina_redirect_page_individual_user leads to cross site scripting. This vulnerability is listed as CVE-2025-11922. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-11174 | Document Library Lite Plugin up to 1.1.6 on WordPress dll_load_posts authorization (EUVD-2025-37407)

VulDB Recent Entries
5 days 6 hours ago
A vulnerability marked as problematic has been reported in Document Library Lite Plugin up to 1.1.6 on WordPress. This vulnerability affects the function dll_load_posts. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-11174. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-11816 | WP Legal Pages Policy Generator, Terms & Conditions Generator Plugin disconnect_account_request authorization (EUVD-2025-37408)

VulDB Recent Entries
5 days 6 hours ago
A vulnerability labeled as critical has been found in WP Legal Pages Policy Generator, Terms & Conditions Generator Plugin and Privacy Policy Generator, Terms & Conditions Generator Plugin up to 3.5.1 on WordPress. This affects the function disconnect_account_request. The manipulation results in missing authorization. This vulnerability is identified as CVE-2025-11816. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-11920 | WPCOM Member Plugin up to 1.7.14 on WordPress Shortcode action file inclusion (EUVD-2025-37406)

VulDB Recent Entries
5 days 6 hours ago
A vulnerability identified as critical has been detected in WPCOM Member Plugin up to 1.7.14 on WordPress. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation of the argument action leads to file inclusion. This vulnerability is referenced as CVE-2025-11920. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Managed ad