Tp-Link Archer AX53 v1.0 configuration restore crt.sed vulnerability
Talos Vulnerability Report TALOS-2025-2304, May 7, 2026. CVE Number: CVE-2026-30816. Summary: An external config control vulnerability exists in the OpenVPN configuration restore crt.sed functionality of Tp-Link Archer AX53 v1.0 1.3....
CVE-2026-39364 Vite has a `server.fs.deny` bypass with queries
Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by `server.fs.deny` (e.g., .env, .crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...
CVE-2026-23039
The CVE-2026-23039 issue affects the Linux kernel DRM Gud (drm/gud) code path. On USB disconnect, drm_atomic_helper_disable_all() clears plane fb and crtc by setting them to NULL before a commit, which can trigger a kernel oops. The fix implements guards to prevent NULL dereferences when accessin...
EUVD-2026-3726
Malicious code in aws-crt-nodejs npm...
Malicious code in aws-crt-nodejs (npm)
Source: amazon-inspector (82067e17b63298c1e09a6b616010b7a8ebf7f607510795f98428f8e5305994ab). The package aws-crt-nodejs was found to contain malicious code. Source: ghsa-malware (40ddba391f5ca6a4fa75fe5e5440dfd1f57833b391d8db3c2e5918aef284a294)...
MAL-2026-406 Malicious code in aws-crt-nodejs (npm)
Source: amazon-inspector (82067e17b63298c1e09a6b616010b7a8ebf7f607510795f98428f8e5305994ab). The package aws-crt-nodejs was found to contain malicious code. Source: ghsa-malware (40ddba391f5ca6a4fa75fe5e5440dfd1f57833b391d8db3c2e5918aef284a294)...
Post-Quantum Secure Aggregation Via Code-Based Homomorphic Encryption
Secure aggregation enables aggregation of inputs from multiple parties without revealing individual contributions to the server or other clients. Existing post-quantum approaches based on homomorphic encryption offer practical efficiency but predominantly rely on lattice-based hardness assumption...
JLSEC-2025-232 Side channel in RSA key generation and operations (SSBleed, M-Step)
Vulnerability: Mbed TLS's modular inversion routine and GCD routine are vulnerable to local timing attacks in a number of settings discussed below. These functions are used in RSA, making the following operations vulnerable in all configurations: - RSA key generation with any API (mbedtls_rsa_gen_key...
TencentOS Server 4: golang (TSSA-2025:0328)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0328 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2016-7772
Malware in sbrugna...
EUVD-2025-3033
Malicious code in bioql PyPI...
EUVD-2025-29607
Malicious code in bioql PyPI...
EUVD-2021-7388
Malicious code in bioql PyPI...
EUVD-2023-42871
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-crt (npm)
The package @zalastax/nolb-crt was found to contain malicious code...
MAL-2025-43175 Malicious code in @zalastax/nolb-crt (npm)
The package @zalastax/nolb-crt was found to contain malicious code...
CVE-2023-39125
NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmprw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and fo...
CVE-2021-1924
Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice &...
BIT-GOLANG-2025-22865
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...
DEBIAN-CVE-2025-22865
Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...