OreaHax-Framework
PT-2026-26340
Name of the Vulnerable Software and Affected Versions: wolfSSL version 5.8.4. Description: The software contains a flaw in the constant-time masking logic within the sp_256_get_entry_256_9 function. When compiled with GCC targeting RISC-V RV32I using the -O3 optimization flag, the logic is altered...
From Consensus to Chaos: A Vulnerability Assessment of the RAFT Algorithm
In recent decades, the RAFT distributed consensus algorithm has become a main pillar of the distributed systems ecosystem, ensuring data consistency and fault tolerance across multiple nodes. Although RAFT is well known for its simplicity, reliability, and efficiency, its security...
PT-2026-27729
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the kernel’s ksmbd component related to Message Authentication Code (MAC) comparisons. The issue stems from the use of memcmp for MAC comparisons, which is susceptible to...
Rectifying Adversarial Examples Using Their Vulnerabilities
Deep neural network-based classifiers are prone to errors when processing adversarial examples (AEs). AEs are minimally perturbed input data, undetectable to humans, posing significant risks to security-dependent applications. Hence, extensive research has been undertaken to develop defense mechanism...
The Quantum State Continuity Problem and Temporal Enforcement against Fork Attacks
We introduce the Quantum State Continuity Problem (QSCP), a security objective orthogonal to identity authentication that captures whether a system's current execution is a legitimate continuation of a unique past execution. We show that classical and stateless quantum authentication mechanisms fail...
SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem
SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...
PT-2025-53852
Name of the Vulnerable Software and Affected Versions: ISOinsight (affected versions not specified). Description: ISOinsight, developed by NetVision Information, exhibits a Reflected Cross-site Scripting issue. This allows attackers who do not need to be logged in to execute arbitrary...
CLSA-2025-1767001153 pam: Fix of CVE-2025-8941
CVE-2025-8941: fix additionally potential privilege escalation via multiple symlink attacks and race conditions...
Practical Quantum Teleportation with Finite-Energy Codebooks
Quantum communication exploits non-classical correlations to achieve efficient and unconditionally secure exchange of information. In particular, the quantum teleportation protocol allows for a deterministic and secure transfer of unknown quantum states by using pre-shared quantum entanglement an...
OpenCart Race Condition Vulnerability
OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A race condition vulnerability exists in OpenCart 4.1.0.3 and prior versions, which stems from race conditions...
CVE-2025-68927 Improper Neutralization of HTML Tags in a Web Page in libredesk
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/{id}/notes, the backend automatically wraps user input in tags. However, by intercepting the...
CVE-2025-68927
Libredesk prior to version 0.8.6-beta is vulnerable to stored HTML injection in the contact notes feature. Notes added via POST /api/v1/contacts/{id}/notes are wrapped in tags; removing the wrapper in transit allows attackers to inject arbitrary HTML (e.g., forms, images) that is stored and rend...
When the Base Station Flies: Rethinking Security for UAV-Based 6G Networks
The integration of non-terrestrial networks (NTNs) into 6G systems is crucial for achieving seamless global coverage, particularly in underserved and disaster-prone regions. Among NTN platforms, unmanned aerial vehicles (UAVs) are especially promising due to their rapid deployability. However, this...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2026-00010)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by attackers to perform spoofing attacks...
Anviz AIM CrossChex Standard Security Vulnerability
Anviz AIM CrossChex Standard is a time and attendance and access control management software from Anviz Corporation. A security vulnerability exists in Anviz AIM CrossChex Standard version 4.3.6.0, which stems from a user import field that can be used to insert malicious formulas, potentially...
Denmark Accuses Russia of Conducting Two Cyberattacks
News: The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal and regional council elections in November...
Failure Analysis of Safety Controllers in Autonomous Vehicles under Object-Based LiDAR Attacks
Autonomous vehicles rely on LiDAR-based perception to support safety-critical control functions such as adaptive cruise control and automatic emergency braking. While previous research has shown that LiDAR perception can be manipulated through object-based spoofing and injection attacks, the impa...
PT-2025-52861
Name of the Vulnerable Software and Affected Versions: Online Farm System version 1.0. Description: A flaw exists in Online Farm System 1.0 that allows for SQL injection. The issue is located in the /addProduct.php file, specifically through manipulation of the Username argument. This allows for...
Odysseus: Jailbreaking Commercial Multimodal LLM-Integrated Systems Via Dual Steganography
By integrating language understanding with perceptual modalities such as images, multimodal large language models (MLLMs) constitute a critical substrate for modern AI systems, particularly intelligent agents operating in open and interactive environments. However, their increasing accessibility al...