5427 matches found

RedhatCVE
added 2025/11/28 8:8 p.m. | 14 views

CVE-2025-65951

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

8.7 CVSS | 6.8 AI score | 0.00014 EPSS
Exploits 0 | References 1

GithubExploit
added 2025/11/26 4:37 p.m. | 132 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

CVE-2023-27532 - Veeam Backup & Replication Vulnerability...

7.5 CVSS | 6.8 AI score | 0.83602 EPSS
Exploits 4

CNVD
added 2025/11/25 12:0 a.m. | 3 views

AMD CPUs have an unspecified vulnerability

AMD CPUs are a family of CPUs from AMD. An unspecified vulnerability exists in AMD CPUs, which can be exploited by an attacker to run SEV-SNP clients with stale TLB entries, resulting in a loss of data integrity...

5.3 CVSS | 6.9 AI score | 0.00012 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/11/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-0033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Improper access control within AMD SEV-SNP could allow an admin-privileged attacker to write to the RMP during SNP initialization, potentially resulting in a lo...

6 CVSS | 7.3 AI score | 0.0002 EPSS
Exploits 0 | References 3

EUVD
added 2025/11/21 9:30 p.m. | 2 views

EUVD-2025-198507

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

5.3 CVSS | 6 AI score | 0.00012 EPSS
Exploits 0 | References 2

OSV
added 2025/11/21 7:15 p.m. | 0 views

UBUNTU-CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

5.3 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0 | References 3

CVE
added 2025/11/21 6:45 p.m. | 14 views

CVE-2025-29934

Summary: CVE-2025-29934 is associated with AMD CPUs and SEV-SNP, where an attacker with local admin privileges could abuse stale TLB entries to run a SEV-SNP guest, potentially causing data integrity loss. The vulnerability is described across multiple sources (NVD, EUVD, CNVD, OSV, Debian, Ubunt...

5.3 CVSS | 6.2 AI score | 0.00012 EPSS
Exploits 0 | References 1

OSV
added 2025/11/21 5:15 p.m. | 0 views

UBUNTU-CVE-2025-13470

In RNP version 0.18.0, a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

8.7 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 10

RedhatCVE
added 2025/11/20 9:36 p.m. | 3 views

CVE-2025-34337

eGovFramework/egovframe-common-components versions up to and including 4.3.1 include Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...

8.7 CVSS | 7 AI score | 0.00073 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/11/20 9:36 p.m. | 1 views

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

9.8 CVSS | 7.1 AI score | 0.83986 EPSS
Exploits 3 | References 1

IBM Security Bulletins
added 2025/11/20 2:22 p.m. | 6 views

Security Bulletin: Astronomer with IBM is vulnerable to invalid signature verification due to the OpenPGP.js package (CVE-2025-47934)

Summary: OpenPGP.js is used by Astronomer with IBM as part of OpenPGP processing functionality. Vulnerability Details: CVEID: CVE-2025-47934. DESCRIPTION: OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Starting in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously...

8.7 CVSS | 8.2 AI score | 0.00156 EPSS
Exploits 0 | Affected Software 1

Tenable Nessus
added 2025/11/20 12:0 a.m. | 3 views

TencentOS Server 4: grub2 (TSSA-2024:0889)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0889 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7 CVSS | 7.6 AI score | 0.00091 EPSS
Exploits 0 | References 2

OSV
added 2025/11/19 6:15 p.m. | 5 views

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

9.8 CVSS | 5.8 AI score | 0.83986 EPSS
Exploits 3 | References 1

Vulnrichment
added 2025/11/19 5:41 p.m. | 3 views

CVE-2025-13315 Unauthenticated log access in Twonky Server

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

9.3 CVSS | 6.7 AI score | 0.83986 EPSS
Exploits 3 | References 1

Cvelist
added 2025/11/19 5:41 p.m. | 443 views

CVE-2025-13315 Unauthenticated log access in Twonky Server

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

9.3 CVSS | 0.83986 EPSS
Exploits 3 | References 1

Rapid7 Blog
added 2025/11/19 5:30 p.m. | 5 views

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Overview: Twonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs, which contain encrypted administrator...

9.8 CVSS | 7 AI score | 0.83986 EPSS
Exploits 3

Vulnrichment
added 2025/11/17 5:51 a.m. | 1 views

CVE-2025-60022

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication...

4.8 CVSS | 4.9 AI score | 0.00019 EPSS
Exploits 0 | References 1

Cvelist
added 2025/11/17 5:51 a.m. | 6 views

CVE-2025-60022

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication...

4.8 CVSS | 0.00019 EPSS
Exploits 0 | References 1

OSV
added 2025/11/14 2:45 p.m. | 9 views

HSEC-2023-0012 git-annex checksum exposure to encrypted special remotes

git-annex checksum exposure to encrypted special remotes. A bug exposed the checksum of annexed files to encrypted special remotes, which are not supposed to have access to the checksum of the un-encrypted file. This only occurred when resuming uploads to the encrypted special remote, so it is...

7 AI score
Exploits 0 | References 2

OSV
added 2025/11/14 2:45 p.m. | 18 views

HSEC-2023-0013 git-annex plaintext storage of embedded credentials on encrypted remotes

git-annex plaintext storage of embedded credentials on encrypted remotes. git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the Git repository in effectively...

7.5 CVSS | 6.2 AI score | 0.00042 EPSS
Exploits 0 | References 2