Lucene search

3635 matches found

Vulnrichment
added 2025/04/25 3:4 p.m., 35 views

CVE-2025-32432 Craft CMS Allows Remote Code Execution

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

CVSS 10, AI score 9.9, EPSS 0.99803
Exploits 14, References 5

Github Security Blog
added 2025/04/25 3:2 p.m., 33 views

Craft CMS Allows Remote Code Execution

Impact: This is an additional fix for https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g. This is a high-impact, low-complexity attack vector. To mitigate the issue, users running Craft installations before the fixed versions are encouraged to update to at least that version...

CVSS 10, AI score 9.5, EPSS 0.99803
Exploits 14, References 11, Affected Software 1

OSV
added 2025/04/24 9:27 p.m., 4 views

CLSA-2025-1745530034 Fix CVE(s): CVE-2024-7592

SECURITY UPDATE: Quadratic complexity, resulting in excess CPU while parsing - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in parsing "-quoted cookie values with backslashes - CVE-2024-7592...

CVSS 7.5, AI score 6.7, EPSS 0.02303
Exploits 1, References 1

NVD
added 2025/04/22 1:15 a.m., 6 views

CVE-2025-3850

A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is...

CVSS 6.3, EPSS 0.00522
Exploits 1, References 5

Vulnrichment
added 2025/04/22 12:0 a.m., 24 views

CVE-2025-3850 YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication

A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is...

CVSS 6.3, AI score 6.8, EPSS 0.00522
Exploits 1, References 5

Cvelist
added 2025/04/22 12:0 a.m., 9 views

CVE-2025-3850 YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication

A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is...

CVSS 6.3, EPSS 0.00522
Exploits 1, References 5

CVE
added 2025/04/22 12:0 a.m., 71 views

CVE-2025-3850

CVE-2025-3850 affects YXJ2018 SpringBoot-Vue-OnlineExam 1.0. The issue is described as improper authentication within the component API processing, enabling remote exploitation with high attack complexity and reported public disclosure. Multiple connected sources reiterate the vulnerability again...

CVSS 6.3, AI score 4.3, EPSS 0.00522
Exploits 1, References 5, Affected Software 1

Packet Storm News
added 2025/04/21 12:0 a.m., 3 views

MST3 Encryption Improvement with Three-Parameter Group of Hermitian Function Field

This scholarly work presents an advanced cryptographic framework utilizing automorphism groups as the foundational structure for encryption scheme implementation. The proposed methodology employs a three-parameter group construction, distinguished by its application of logarithmic signatures...

AI score 6.8
Exploits 0

OSV
added 2025/04/17 7:25 a.m., 3 views

CLSA-2025-1744874696 Fix CVE(s): CVE-2024-7592

SECURITY UPDATE: Quadratic complexity, resulting in excess CPU while parsing - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in parsing "-quoted cookie values with backslashes - CVE-2024-7592...

CVSS 7.5, AI score 5.7, EPSS 0.02303
Exploits 1, References 1

OSV
added 2025/04/16 2:13 p.m., 51 views

CVE-2025-22126 md: fix mddev uaf while iterating all_mddevs list

In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list. While iterating all_mddevs list from md_notify_reboot and md_exit, list_for_each_entry_safe is used, and this can race with deleting the next mddev, causing UAF: t1: spin_lock...

CVSS 7.8, AI score 6.4, EPSS 0.00163
Exploits 0, References 9

RedhatCVE
added 2025/04/16 8:46 a.m., 17 views

CVE-2025-3555

A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The...

CVSS 8.1, AI score 4.3, EPSS 0.00798
Exploits 1, References 1

RedhatCVE
added 2025/04/16 8:43 a.m., 8 views

CVE-2025-3556

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...

CVSS 8.1, AI score 4.3, EPSS 0.00798
Exploits 1, References 1

Packet Storm News
added 2025/04/16 12:0 a.m., 4 views

The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation

Zero Trust Architecture (ZTA) is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to perimeterless. This article studies the core concepts of ZTA, its beginning, a few use cases and future trends. Emphasising the always verify and least privilege access, some...

AI score 7
Exploits 0

IBM Security Bulletins
added 2025/04/15 3:13 a.m., 28 views

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9.

Summary: There are vulnerabilities in the Ruby On Rails component used by IBM License Metric Tool. Vulnerability Details: CVEID: CVE-2024-47887 DESCRIPTION: rails is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in HTTP Token authentication in Action...

CVSS 8.7, AI score 6.3, EPSS 0.01103
Exploits 0, Affected Software 1

OSV
added 2025/04/14 9:37 a.m., 4 views

CLSA-2025-1744623473 python3.11: Fix of CVE-2024-7592

CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

CVSS 7.5, AI score 6.7, EPSS 0.02303
Exploits 1, References 1

Cvelist
added 2025/04/14 7:31 a.m., 20 views

CVE-2025-3556 ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...

CVSS 6.3, EPSS 0.00798
Exploits 1, References 4

NVD
added 2025/04/14 7:15 a.m., 34 views

CVE-2025-3555

A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The...

CVSS 8.1, EPSS 0.00798
Exploits 1, References 5

Cvelist
added 2025/04/14 7:0 a.m., 26 views

CVE-2025-3555 ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication

A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The...

CVSS 6.3, EPSS 0.00798
Exploits 1, References 5

Packet Storm News
added 2025/04/14 12:0 a.m., 5 views

FlexiContracts: a Novel and Efficient Scheme for Upgrading Smart Contracts in Ethereum Blockchain

Blockchain technology has revolutionized contractual processes, enhancing efficiency and trust through smart contracts. Ethereum, as a pioneer in this domain, offers a platform for decentralized applications but is challenged by the immutability of smart contracts, which makes upgrades cumbersome...

AI score 6.7
Exploits 0

Packet Storm News
added 2025/04/10 12:0 a.m., 2 views

Multi-Party Private Set Operations from Predicative Zero-Sharing

Typical protocols in the multi-party private set operations (MPSO) setting enable m 2 parties to perform certain secure computation on the intersection or union of their private sets, realizing a very limited range of MPSO functionalities. Most works in this field focus on just one or two specific...

AI score 6.7
Exploits 0