Lucene search
5304 matches found

Cvelist
added 2025/09/23 10:8 p.m. | 5 views

CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

CVSS 8.7 | EPSS 0.00115
Exploits: 0 | References: 2
OSV
added 2025/09/17 5:3 p.m. | 3 views

GO-2025-3929 Denial of service when computing scalar multiplication using fake-GLV algorithm in github.com/consensys/gnark

Denial of service when computing scalar multiplication using fake-GLV algorithm in github.com/consensys/gnark...

CVSS 7.5 | AI score 6.9 | EPSS 0.0048
Exploits: 1 | References: 4
CNNVD
added 2025/09/16 12:0 a.m. | 1 view

BMC Control-M Security Vulnerability

BMC Control-M is an application from BMC, Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...

CVSS 7.6 | AI score 6.7 | EPSS 0.00202
Exploits: 0 | References: 3
Positive Technologies
added 2025/09/16 12:0 a.m. | 3 views

PT-2025-41786

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the crypto/af_alg module where concurrent writes to the same af_alg socket can lead to data interleaving and inconsistencies in the internal socket...

CVSS 4.6 | AI score 7.8 | EPSS 0.00227
Exploits: 0
Packet Storm News
added 2025/09/14 12:0 a.m. | 3 views

ENJ: Optimizing Noise with Genetic Algorithms to Jailbreak LSMs

The widespread application of Large Speech Models (LSMs) has made their security risks increasingly prominent. Traditional speech adversarial attack methods face challenges in balancing effectiveness and stealth. This paper proposes Evolutionary Noise Jailbreak (ENJ), which utilizes a genetic algorit...

AI score 7.1
Exploits: 0
Positive Technologies
added 2025/09/11 12:0 a.m. | 2 views

PT-2025-37246

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The skcipher_walk functions lacked necessary error checks after memory allocation, potentially leading to issues if allocation failed. This could impact the crypto subsystem on x86/aeg...

CVSS 5.5 | AI score 6.3 | EPSS 0.00119
Exploits: 0 | References: 23
Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-48994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared...

CVSS 6.9 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 2
CVE
added 2025/09/09 7:10 p.m. | 10 views

CVE-2025-55053

CVE-2025-55053 is a CWE-328 weak-hash issue. Connected sources indicate Baicells devices (NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846) are affected, with the vulnerability stemming from weak hashing that could bypass security features. There is no explicit product/version-specific fix details i...

CVSS 6.5 | AI score 6.5 | EPSS 0.00224
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/09 12:0 a.m. | 5 views

PT-2025-36927

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The issue involves the use of a weak hash. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 6.5 | AI score 6.1 | EPSS 0.00224
Exploits: 0 | References: 3
Packet Storm News
added 2025/09/05 12:0 a.m. | 2 views

FuzzRDUCC: Fuzzing with Reconstructed Def-Use Chain Coverage

Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily using control flow edge coverage, which can overlook bugs n...

AI score 7.3
Exploits: 0
Microsoft CVE
added 2025/09/04 4:18 a.m. | 3 views

zram: fix NULL pointer in comp_algorithm_show()

...

CVSS 5.5 | AI score 7 | EPSS 0.00217
Exploits: 0
Microsoft CVE
added 2025/09/03 10:36 p.m. | 3 views

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

...

CVSS 8.8 | AI score 7 | EPSS 0.05315
Exploits: 1
Microsoft CVE
added 2025/09/03 9:31 p.m. | 6 views

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

...

CVSS 7.5 | AI score 7 | EPSS 0.04335
Exploits: 0
Packet Storm News
added 2025/09/03 12:0 a.m. | 4 views

A Quantum Genetic Algorithm-Enhanced Self-Supervised Intrusion Detection System for Wireless Sensor Networks in the Internet of Things

The rapid expansion of the Internet of Things (IoT) and Wireless Sensor Networks (WSNs) has significantly increased the attack surface of such systems, making them vulnerable to a wide range of cyber threats. Traditional Intrusion Detection Systems (IDS) often fail to meet the stringent requirements of...

AI score 6.9
Exploits: 0
OSV
added 2025/09/02 5:15 p.m. | 2 views

CVE-2025-9828

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitabili...

CVSS 5.9 | AI score 5.3 | EPSS 0.00315
Exploits: 1 | References: 5
RedHat Linux
added 2025/09/02 6:56 a.m. | 0 views

kernel: crypto: algif_hash - fix double free in hash_accept

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept. If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to...

CVSS 7.8 | AI score 6.8 | EPSS 0.00175
Exploits: 0 | References: 5
IBM Security Bulletins
added 2025/09/01 2:35 p.m. | 11 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0. Vulnerability Details: CVEID: CVE-2025-33102 DESCRIPTION: IBM Concert Software uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CWE: CWE-327:...

CVSS 9.2 | AI score 8.3 | EPSS 0.91969
Exploits: 2 | Affected Software: 1
Tenable Nessus
added 2025/08/31 12:0 a.m. | 5 views

RHEL 8 : kernel (RHSA-2025:14742)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14742 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net_sched: hfsc: Fix a UAF...

CVSS 7.8 | AI score 7 | EPSS 0.0036
Exploits: 3 | References: 18
RedhatCVE
added 2025/08/30 6:18 p.m. | 9 views

CVE-2025-30064

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

CVSS 8.8 | AI score 7 | EPSS 0.00077
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-31208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch...

CVSS 6.5 | AI score 6.6 | EPSS 0.01463
Exploits: 0 | References: 2