59 matches found
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact: An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact: An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
RUSTSEC-2026-0125 Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact: An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
RUSTSEC-2026-0126 AVX2 Implementation Did Not Fully Reduce Intermediate Values
The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation. Impact: We are not aware of inputs to the public key generation, signing or...
CVE-2026-24962
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery. This issue affects Sigmize: from n/a through <= 0.0.9...
CVE-2026-24962
CVE-2026-24962 affects Brainstorm Force Sigmize (WordPress plugin) with versions n/a through 0.0.9. A Cross-Site Request Forgery (CSRF) flaw exists due to insufficient protection, enabling actions on behalf of authenticated users. PT-2026-6227 recommends upgrading to a version greater than 0.0.9....
CVE-2025-23829
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codingkart Woo Update Variations In Cart woo-update-variations-in-cart allows Stored XSS. This issue affects Woo Update Variations In Cart: from n/a through <= 0.0.9...
CVE-2025-11504 Quickcreator – AI Blog Writer 0.0.9 - 0.1.17 - Unauthenticated API Key Exposure
The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to view the plugin's API key and subsequently us...
EUVD-2021-2423
Malware in sbrugna...
EUVD-2025-30253
Malicious code in bioql PyPI...
EUVD-2025-30255
Malicious code in bioql PyPI...
CVE-2025-52159
Hardcoded credentials in default configuration of PPress 0.0.9...
CVE-2025-54815
Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes...
PPress Security Vulnerability
PPress is a Python-based blogging CMS system by the individual developer yandaozi. A security vulnerability exists in PPress version 0.0.9, which stems from hard-coded credentials included in the default configuration...
PPress Security Vulnerability
PPress is a Python-based blogging CMS system by the individual developer yandaozi. A security vulnerability exists in PPress version 0.0.9, which originates from server-side template injection and could lead to the execution of arbitrary code...
PPress Security Vulnerability
PPress is a Python-based blogging CMS system by the individual developer yandaozi. A security vulnerability exists in PPress version 0.0.9, which stems from a specially crafted session cookie that may result in elevated privileges...
CVE-2025-54761
An issue was discovered in PPress 0.0.9 allowing attackers to gain escalated privileges via a crafted session cookie...