
94 matches found

EUVD
added yesterday | 7 views

EUVD-2026-34055

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

CVSS 4.3 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 5

CVE
added 2026/05/12 5:29 p.m. | 4 views

CVE-2026-42303

CVE-2026-42303 affects Fides (privacy engineering platform). From version 2.75.0 up to, but not including, 2.83.2, deployments that enable both subject identity verification and duplicate privacy request detection are vulnerable to an administrator approving a privacy request whose identity was n...

CVSS 6.1 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 6

Packet Storm News
added 2026/05/06 12:00 a.m. | 2 views

Fundamental Limitations of Post-Quantum Cryptographic Architectures

Modern lattice-based cryptography, particularly the learning with errors paradigm, relies on injecting artificial noise to secure data against quantum adversaries. This study systematically examines the theoretical and physical boundaries of this noise-reliant model across four interconnected...

AI score 5.8
Exploits: 0

Snyk
added 2026/05/05 8:05 p.m. | 4 views

Directory Traversal

Overview: github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Directory Traversal via the ReadMultiple process. An attacker can access files outside the intended directory by sending a specially...

CVSS 6.9 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 2

EUVD
added 2026/04/08 9:32 p.m. | 2 views

EUVD-2024-47006

The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaximagecollage function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS 5.4 | AI score 6 | EPSS 0.00078
Exploits: 0 | References: 3

OSV
added 2026/04/01 11:46 a.m. | 1 view

MAL-2026-2400 Malicious code in kube-node-health (PyPI)

Source: kam193 (391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e). During import, the code downloads and starts a remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

AI score 6
Exploits: 0 | References: 7

Packet Storm News
added 2026/03/03 12:00 a.m. | 1 view

Recovery-Induced Erasure Attack on QKD Systems

Detector dead time is typically treated as a fixed parameter in quantum key distribution (QKD) security analyses. In practice, however, the effective recovery time of single-photon avalanche photodiodes (SPADs) depends on the incident count rate. In this work, we demonstrate that this...

AI score 5.9
Exploits: 0

Vulnrichment
added 2025/12/22 9:35 p.m. | 2 views

CVE-2023-53968 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Erase Account

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

CVSS 9.8 | AI score 6.6 | EPSS 0.00365
Exploits: 2 | References: 5

EUVD
added 2025/12/07 12:30 a.m. | 1 view

EUVD-2025-201584

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de(). Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will...

AI score 6 | EPSS 0.03752
Exploits: 2 | References: 9

OSSF Malicious Packages
added 2025/11/24 11:23 p.m. | 4 views

Malicious code in react-packery-component (npm)

Source: amazon-inspector (9c9dbf0ac814d8ad3cdd41ff8e2cebc7bf1bef909281eb89d019a8efd626d047). The package react-packery-component was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:00 a.m. | 4 views

Lexmark Printers Improper Input Validation (CVE-2019-6489)

Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 6.4 | AI score 6.1 | EPSS 0.00599
Exploits: 0 | References: 3

CVE
added 2025/10/18 7:26 a.m. | 8 views

CVE-2025-11256

CVE-2025-11256 refers to the WordPress plugin Kognetiks Chatbot (versions ≤ 2.3.5). The vulnerability arises from a missing capability check in multiple functions, enabling unauthenticated attackers to perform data modification, upload limited safe files, and erase conversations. Wordfence notes ...

CVSS 5.3 | AI score 5.1 | EPSS 0.00109
Exploits: 0 | References: 3

HackRead
added 2025/10/08 9:16 a.m. | 3 views

New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens

Researchers warn of Shuyal Stealer, malware that gathers browser logins, system details, and Discord tokens, then erases evidence via Telegram...

AI score 7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-3299

Malware in sbrugna...

CVSS 7.7 | AI score 7.7 | EPSS 0.0009
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-3356

Malware in sbrugna...

CVSS 5.5 | AI score 5.3 | EPSS 0.001
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-17251

Malicious code in bioql (PyPI)...

CVSS 4.3 | AI score 8.5 | EPSS 0.00145
Exploits: 0 | References: 2

CVE
added 2025/09/22 12:00 a.m. | 15 views

CVE-2025-57440

CVE-2025-57440 affects Blackmagic ATEM Mini Pro 2.7. The vulnerability is an undocumented Telnet service exposed on TCP port 9993, referred to as the “ATEM Ethernet Protocol 1.0,” which accepts unauthenticated plaintext commands for controlling streaming, recording, storage formatting, and system...

CVSS 7.5 | AI score 7.5 | EPSS 0.00042
Exploits: 0 | References: 2

Trellix
added 2025/08/12 12:00 a.m. | 4 views

Exposing PathWiper: DCOM Abuse and Network Erasure

Exposing PathWiper: A Deep Dive into DCOM Abuse and Network Erasure With Trellix NDR. By Maulik Maheta and Lishoy Mathew · August 12, 2025. Executive summary: Ukraine’s national energy and telecommunications infrastructure were the primary targets of the PathWiper attack in 2025. The attack was...

AI score 8.3
Exploits: 0

Packet Storm News
added 2025/08/04 12:00 a.m. | 3 views

Coward: toward Practical Proactive Federated Backdoor Defense Via Collision-Based Watermark

Backdoor detection is currently the mainstream defense against backdoor attacks in federated learning (FL), where malicious clients upload poisoned updates that compromise the global model and undermine the reliability of FL deployments. Existing backdoor detection techniques fall into two...

AI score 7
Exploits: 0

Packet Storm News
added 2025/07/07 12:00 a.m. | 3 views

Cyclic Equalizability of Words and Its Application to Card-Based Cryptography

Card-based cryptography is a research area to implement cryptographic procedures using a deck of physical cards. In recent years, it has been found to be related to finite group theory and algebraic combinatorics, and is becoming more and more closely connected to the field of mathematics. In thi...

AI score 6.4
Exploits: 0