GHSA-H37V-HP6W-2PP8 ml-dsa's UseHint function has off by two error when r0 equals zero
Summary: There's a bug in the UseHint function where it adds 1 instead of subtracting 1 when the decomposed low bits r0 equal exactly zero. FIPS 204 Algorithm 40 is pretty clear that r0 > 0 means strictly positive, but the current code treats zero as positive. This causes valid signatures to...
PT-2026-5048
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
EUVD-2009-3955
Malware in sbrugna...
EUVD-2013-2855
Malware in sbrugna...
EUVD-2006-5592
Malware in sbrugna...
EUVD-2022-50648
Malicious code in bioql PyPI...
EUVD-2024-49451
Malicious code in bioql PyPI...
EUVD-2022-50649
Malicious code in bioql PyPI...
EUVD-2022-42751
Malicious code in bioql PyPI...
EUVD-2024-39561
Malicious code in bioql PyPI...
EUVD-2024-37323
Malicious code in bioql PyPI...
EUVD-2025-23822
Malicious code in bioql PyPI...
EUVD-2022-50650
Malicious code in bioql PyPI...
EUVD-2025-2003
Malicious code in bioql PyPI...
CVE-2025-46390
CWE-204: Observable Response Discrepancy...
Cache Poisoning
Next.js is vulnerable to Cache Poisoning. The vulnerability is due to improper caching of HTTP 204 responses for static pages, which allows an attacker to poison the cache and cause the 204 response to be served to all users attempting to access the affected page...
Netman 204 Authentication Bypass / Remote Code Execution
Netman 204 allows for remote command execution without authentication. Exploit Title: Netman 204 - Remote command with out authentication; Date: 2/4/2025; Exploit Author: parsa rezaie khiabanloo; Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204; Version: netman-204; Teste...
Netman 204 - Remote command without authentication
Exploit Title: Netman 204 - Remote command with out authentication; Date: 2/4/2025; Exploit Author: parsa rezaie khiabanloo; Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204; Version: netman-204; Tested on: Windows/Linux; Step 1 : Attacker can using these dorks then can fi...