CVE-2021-1410
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update...
CVE-2021-26251
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access...
CVE-2020-11967
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2024-12093
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...
CVE-2019-15136
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition...
CVE-2019-15137
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service (DDS) network...
CVE-2019-14810
A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn...
Verifying Differentially Private Median Estimation
Differential Privacy (DP) is a robust privacy guarantee that is widely employed in private data analysis today, finding broad application in domains such as statistical query release and machine learning. However, DP achieves privacy by introducing noise into data or query answers, which malicious...
EC-LDA: Label Distribution Inference Attack against Federated Graph Learning with Embedding Compression
Graph Neural Networks (GNNs) have been widely used for graph analysis. Federated Graph Learning (FGL) is an emerging learning framework to collaboratively train graph data from various clients. However, since clients are required to upload model parameters to the server in each round, this provides t...
Mitigating Cyber Risk in the Age of Open-Weight LLMs: Policy Gaps and Technical Realities
Open-weight general-purpose AI (GPAI) models offer significant benefits but also introduce substantial cybersecurity risks, as demonstrated by the offensive capabilities of models like DeepSeek-R1 in evaluations such as MITRE's OCCULT. These publicly available models empower a wider range of actors...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to unlimited resource distribution, allows a hacker to cause a service failure.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
Network-Wide Quantum Key Distribution with Onion Routing Relay (Conference Version)
The advancement of quantum computing threatens classical cryptographic methods, necessitating the development of secure quantum key distribution (QKD) solutions for QKD Networks (QKDN). In this paper, a novel key distribution protocol, Onion Routing Relay (ORR), that integrates onion routing (OR) with...
Network-Wide Quantum Key Distribution with Onion Routing Relay
The advancement of quantum computing threatens classical cryptographic methods, necessitating the development of secure quantum key distribution (QKD) solutions for QKD Networks (QKDN). In this paper, a novel key distribution protocol, Onion Routing Relay (ORR), that integrates onion routing (OR) with...
GO-2025-3687 Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt in github.com/babylonlabs-io/babylon
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt in github.com/babylonlabs-io/babylon...
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt
Summary: Minting a large amount of tokens through IBC transfer and then depositing them in the validator rewards pool via the DepositValidatorRewardsPool message can lead to an integer overflow panic when calculating cumulativerewardratio for the validator. This calculation happens in x/epoching module...
Defending the Edge: Representative-Attention for Mitigating Backdoor Attacks in Federated Learning
Federated learning (FL) enhances privacy and reduces communication cost for resource-constrained edge clients by supporting distributed model training at the edge. However, the heterogeneous nature of such devices produces diverse, non-independent and identically distributed (non-IID) data, making t...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...
org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)
org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...
Alibaba Cloud Linux 3 : 0068: krb5 (ALINUX3-SA-2021:0068)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0068 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-36222: ec_verify in...