962 matches found
Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update
An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
CVE-2026-53908
creationtimestamp| type| source ---|---|--- 2026-07-01 13:45:15+00:00| seen| https://cert.pl/en/posts/2026/07/CVE-2026-53902 2026-07-01 15:22:29+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplt3afj6f2d...
CVE-2026-53238
creationtimestamp| type| source ---|---|--- 2026-07-01 02:43:48+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0812 2026-07-06 06:51:27+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260706...
CVE-2026-35098
creationtimestamp| type| source ---|---|--- 2026-07-01 02:37:43+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-35095...
On-Chip Quantum Randomness Amplification
Randomness amplification, the task of extracting uniform private bits from biased seeds that may be partly known by a malicious third party, is of central importance in cryptography. The highest security in this task is provided by a class of quantum protocols known as device-independent, which...
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...
CVE-2026-42769
Summary: CVE-2026-42769 arises from an error in the CMP Root CA key rollover verification in OpenSSL. A typo in the certificate chain building code caused the verifier to add the wrong certificate ("newWithOld" instead of the intended "oldRoot") to the chain, rendering the verification ineffectiv...
PT-2026-47839
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description An error in the callback used to verify certificates during a Root CA key update in the Certificate Management Protocol CMP renders certificate validation ineffectual. Specifically, a typo in...
Microsoft Windows Attestation 输入验证错误漏洞
Microsoft Windows Attestation is an open-source device certification service based on TPM hardware trust roots, developed by Microsoft in the United States. Microsoft Windows Attestation has a security vulnerability that stems from a violation of trust boundaries, which may allow authorized...
CVE-2026-8938
The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...
eCPPT-Penetration-Testing-Reports
eCPPT Penetration Testing Reports Penetration testing lab rep...
WordPress plugin auto making JSON-LD 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress auto making JSON-LD plugin <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings vulnerability
Cross-Site Request Forgery to Plugin Certification Settings vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin auto making JSON-LD versions = 4.5.3...
Encrypted Neural Networks without Overflows
Fully homomorphic encryption FHE enables private inference by evaluating neural networks on encrypted data. In this way, we can delegate the computation to a third party server without ever revealing the user's data. Currently, the CKKS scheme is the backbone of most efficient FHE implementations...
Numerical Security Analysis for Practical Quantum Key Distribution
Quantum key distribution QKD promises information-theoretic security based on quantum mechanics and idealized device models. Practical implementations, however, deviate from these models due to unavoidable device imperfections, and existing security proofs fall short of capturing the complexity o...
Dell ECS 安全漏洞
Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.3.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from a certification bypass in Geo replication, whic...
CVE-2025-13480
creationtimestamp| type| source ---|---|--- 2026-04-20 02:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2025-13480 2026-04-20 11:39:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwezimq2l2e...
Description of the security update for SharePoint Server Subscription Edition: April 14, 2026 (KB5002853)
None None...
CVE-2025-13822
creationtimestamp| type| source ---|---|--- 2026-04-14 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2025-13822 2026-04-15 09:42:12+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116408066492828654...