Lucene search
K

122 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.37 views

EUVD-2024-54366

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00274EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6780

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00773EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-25612

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-52605

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/16 2:0 p.m.3 views

CVE-2025-40918 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

7.2AI score0.00394EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/07/08 12:0 a.m.8 views

A Formal Refutation of the Blockchain Trilemma

The so-called blockchain trilemma asserts the impossibility of simultaneously achieving scalability, security, and decentralisation within a single blockchain protocol. In this paper, we formally refute that proposition. Employing predicate logic, formal automata theory, computational complexity...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.5 views

Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs

This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...

7AI score
Exploits0
Veracode
Veracode
added 2025/06/17 8:38 a.m.10 views

Use Of Insufficiently Random Values

vantage6 is vulnerable to Use of Insufficiently Random Values. The vulnerability is due to insecure randomness of UUID1 for auto-generating JWT secret keys, which is partially predictable and not cryptographically secure...

7.5CVSS6.4AI score0.0033EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.9 views

TencentOS Server 3: libgcrypt (TSSA-2022:0129)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0129 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

5.9CVSS6.6AI score0.01423EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/06/12 11:2 p.m.26 views

Vantage6 Server JWT secret not cryptographically secure

Impact The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent Patches No Workarounds You may define JWT secret key in the server configuration file...

7.5CVSS6.4AI score0.0033EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/12 6:4 p.m.9 views

CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

6.3CVSS6.9AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/12 6:4 p.m.37 views

CVE-2025-43866 Vantage6 Server JWT secret not cryptographically secure

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...

6.3CVSS0.0033EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.7 views

PT-2025-25343 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.11.0 Description: The vantage6 server has a predictable JWT secret key generation issue. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This issue...

6.3CVSS6.3AI score0.0033EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2025/05/26 12:0 a.m.6 views

EarthOL: a Proof-Of-Human-Contribution Consensus Protocol -- Addressing Fundamental Challenges in Decentralized Value Assessment with Enhanced Verification and Security Mechanisms

This paper introduces EarthOL, a novel consensus protocol that attempts to replace computational waste in blockchain systems with verifiable human contributions within bounded domains. While recognizing the fundamental impossibility of universal value assessment, we propose a domain-restricted...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2024-7908ee39a9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00432EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 11:32 a.m.12 views

CVE-2025-21617

Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1...

6.3CVSS6.6AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:19 a.m.8 views

CVE-2013-2872

Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors...

5CVSS6.7AI score0.0093EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/04/30 12:0 a.m.2 views

Active Light Modulation to Counter Manipulation of Speech Visual Content

High-profile speech videos are prime targets for falsification, owing to their accessibility and influence. This work proposes Spotlight, a low-overhead and unobtrusive system for protecting live speech videos from visual falsification of speaker identity and lip and facial motion. Unlike...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/04/26 9:31 p.m.7 views

Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS3.6AI score0.0036EPSS
Exploits1References8Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2025/04/16 12:0 a.m.11 views

Security update for perl-Data-Entropy (moderate)

openSUSE Security Update: Security update for perl-Data-Entropy Announcement ID: openSUSE-SU-2025:0123-1 Rating: moderate References: 1240395 Cross-References: CVE-2025-1860 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...

7.7CVSS7.3AI score0.00179EPSS
Exploits0References1
Rows per page
Query Builder