perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when using the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...
Pervasive Vulnerability Analysis and Defense for QKD-Based Quantum Private Query
Quantum Private Query (QPQ) based on Quantum Key Distribution (QKD) is among the most practically viable quantum communication protocols, with application value second only to QKD itself. However, prevalent security vulnerabilities in the post-processing stages of most existing QKD-based QPQ protocol...
[SECURITY] Fedora 42 Update: golang-github-evanw-esbuild-0.24.2-4.fc42
This is a JavaScript bundler and minifier. It packages up JavaScript and TypeScript code for distribution on the web...
[SECURITY] Fedora 43 Update: golang-github-evanw-esbuild-0.24.2-6.fc43
This is a JavaScript bundler and minifier. It packages up JavaScript and TypeScript code for distribution on the web...
Malicious code in extrazip (PyPI)
Source: kam193 f58777710463b043a0724ad1d7999807501b56667a10eced314fd036e9303fdf. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...
CVE-2025-67014
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint...
CVE-2025-68938
A flaw was found in Gitea. An incorrect authorization allows an authenticated user with minimal privileges to delete project releases, causing a loss of availability of project assets and distribution history. Mitigation: Mitigation for this issue is either not available or the currently available...
EUVD-2025-205445
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint...
CVE-2025-67013
The web management interface in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints...
DEV 7113 RF over Fiber Distribution System security vulnerability
The DEV 7113 RF over Fiber Distribution System is a chassis from DEV Germany that is used in telecommunications infrastructure. A security vulnerability exists in the DEV 7113 RF over Fiber Distribution System version 32-0078 H.01, which stems from improper access control and could lead to an...
PT-2025-53596
Name of the Vulnerable Software and Affected Versions: DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01. Description: An issue exists in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 related to access control. An unauthenticated attacker...
CVE-2025-67013
The CVE-2025-67013 entry concerns ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8. The web management interface does not implement CSRF protections (no tokens, no Origin/Referer validation) on critical configuration endpoints, per Red Hat and NVD entries. Affected component:...
CVE-2025-67108
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections...
Fast-DDS security vulnerability
Fast-DDS is a complete DDS from eProsima Open Source. A security vulnerability exists in Fast-DDS version 3.3 that stems from an integer overflow and could lead to a denial of service attack...
CVE-2025-67111
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message...
CVE-2025-65865
CVE-2025-65865 concerns an integer overflow in eProsima Fast-DDS v3.3 that can lead to a Denial of Service (DoS) via crafted input. Multiple sources (Red Hat, NVD, OSV, OSV Debian/Ubuntu, CVE listing, Snyk) identify Fast-DDS 3.3 as affected. The Snyk entry specifies the vulnerable code path in Me...
Debian dsa-6089 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6089 advisory. Debian Security Advisory DSA-6089-1...
Optimizing Epsilon Security Parameters in QKD
We investigate the optimization of epsilon-security parameters in quantum key distribution (QKD), aiming to improve the achievable secure key rate under a fixed overall composable security level. For this purpose, we employ a continuous genetic algorithm (CGA) to optimize the epsilon-security...
MAD-OOD: A Deep Learning Cluster-Driven Framework for an Out-Of-Distribution Malware Detection and Classification
Out-of-distribution (OOD) detection remains a critical challenge in malware classification due to the substantial intra-family variability introduced by polymorphic and metamorphic malware variants. Most existing deep-learning-based malware detectors rely on closed-world assumptions and fail to...