7762 matches found
DRUPAL-CONTRIB-2025-125
This module provides a centralized content distribution and syndication solution so that customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery (CSRF) attacks, potentially allowin...
Pattern Based Quantum Key Distribution Using the Five Qubit Perfect Code for Eavesdropper Detection
I propose a new quantum key distribution protocol that uses the five qubit error correction code to detect the presence of an eavesdropper reliably. The protocol turns any information theoretical attacks into a classical guess about the pattern. The logical qubit is encoded with a specific pattern...
Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125
This module provides a centralized content distribution and syndication solution so that customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery (CSRF) attacks, potentially allowin...
[SECURITY] [DSA 6073-1] ffmpeg security update
Debian Security Advisory DSA-6073-1 https://www.debian.org/security/ Moritz Muehlenhoff, December 07, 2025 https://www.debian.org/security/faq ...
[SECURITY] Fedora 41 Update: python-kdcproxy-1.1.0-1.fc41
This package contains a Python WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration...
Frequency-Matching Quantum Key Distribution
Quantum key distribution (QKD) enables information-theoretically secure communication against eavesdropping. However, phase instability remains a challenge across many QKD applications, particularly in schemes such as twin-field QKD and measurement-device-independent QKD. The most dominant source o...
Adversarial Limits of Quantum Certification: When Eve Defeats Detection
Security of quantum key distribution (QKD) relies on certifying that observed correlations arise from genuine quantum entanglement rather than eavesdropper manipulation. Theoretical security proofs assume idealized conditions; practical certification must contend with adaptive adversaries who...
An Introductory Review of the Theory of Continuous-Variable Quantum Key Distribution: Fundamentals, Protocols, and Security
Continuous-variable quantum key distribution (CV-QKD) has emerged as a promising approach for secure quantum communication, offering advantages such as high key generation rates, compatibility with standard telecommunication infrastructure, and potential for integration on photonic chips. This revi...
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month. According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that...
Use of Cache Containing Sensitive Information
Overview: tutor is the Docker-based Open edX distribution designed for peace of mind. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the absence of proper cache-control HTTP headers and insufficient client-side session validation. An...
Malicious code in @productdevbook/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884cad7d1d5eb715a5945ab44c4acd884887a533f4c4334d0d88ccad9a7dd618 The package @productdevbook/auth was found to contain malicious code. Source: google-open-source-security...
Quantum Key Distribution: Bridging Theoretical Security Proofs, Practical Attacks, and Error Correction for Quantum-Augmented Networks
Quantum Key Distribution (QKD) is revolutionizing cryptography by promising information-theoretic security through the immutable laws of quantum mechanics. Yet, the challenge of transforming these idealized security models into practical, resilient systems remains a pressing issue, especially as...
TencentOS Server 3: krb5 (TSSA-2022:0206)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0206 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-12535
CVE-2025-12535 (SureForms
CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces (wp_rest) to unauthenticated users via the 'wp_ajax_nopriv_rest-nonce' action. While the plugin...
CVE-2025-12842
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslotapptemail AJAX action. This makes it possible for unauthenticated attackers to send appointment...
WordPress SureForms plugin <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability
Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability discovered by type5afe in WordPress Plugin SureForms versions <= 1.13.1...
cloud.piranha.dist:piranha-dist-micro (>=24.11.0 <=25.1.0), cloud.piranha.dist:piranha-dist-platform (>=24.11.0 <=25.1.0) +155 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=4.0.0-M1)
org.glassfish.jersey.core:jersey-client MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - cloud.piranha.dist:piranha-dist-micro =24.11.0, =24.11.0, =24.11.0, =24.11.0,...
Resilient Distribution Network Planning against Dynamic Malicious Power Injection Attacks
Active distribution networks facilitating bidirectional power exchange with renewable energy resources are susceptible to cyberattacks due to integration of a diverse array of cyber components. This study introduces a grid-level defense strategy aimed at enhancing attack resiliency based on...