2068 matches found
CVE-2023-43341
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter...
CVE-2018-1000889
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears t...
CVE-2021-31220
SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies...
CVE-2021-31224
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies...
CVE-2021-31221
SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed...
CVE-2021-31225
SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed...
CVE-2020-12133
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization...
CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command...
PT-2026-21547
Name of the Vulnerable Software and Affected Versions: evolution-data-server versions 22.04 through 25.10. Description: The software contains a flaw related to insecure local cache file removal. This could allow for unauthorized access or modification of cached data. Recommendations: Update to a newe...
The Quantum State Continuity Problem and Temporal Enforcement against Fork Attacks
We introduce the Quantum State Continuity Problem (QSCP), a security objective orthogonal to identity authentication that captures whether a system's current execution is a legitimate continuation of a unique past execution. We show that classical and stateless quantum authentication mechanisms fail...
3 SOC Challenges You Need to Solve Before 2026
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm on the Horizon Global world instability,...
Evolution of Cybersecurity Subdisciplines: A Science of Science Study
The science of science is an emerging field that studies the practice of science itself. We present the first study of the cybersecurity discipline from a science of science perspective. We examine the evolution of two comparable interdisciplinary communities in cybersecurity: the Symposium on...
[SECURITY] [DLA 4375-1] webkit2gtk security update
Debian LTS Advisory DLA-4375-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 20, 2025 https://wiki.debian.org/LTS -...
Debian dla-4375 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4375 advisory. Debian LTS Advisory DLA-4375-1...
Inside LockBit: Technical, Behavioral, and Financial Anatomy of a Ransomware Empire
LockBit has evolved from an obscure Ransomware-as-a-Service newcomer in 2019 to the most prolific ransomware franchise of 2024. Leveraging a recently leaked MySQL dump of the gang's management panel, this study offers an end-to-end reconstruction of LockBit's technical, behavioral, and financial...
[SECURITY] [DSA 6042-1] webkit2gtk security update
Debian Security Advisory DSA-6042-1 https://www.debian.org/security/ Alberto Garcia October 28, 2025 https://www.debian.org/security/faq -...
Debian dsa-6042 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6042 advisory. Debian Security Advisory DSA-6042-1...
Zero-click Dolby audio bug lets attackers run code on Android and Windows devices
Researchers from Google’s Project Zero discovered a medium-severity remote code execution (RCE) vulnerability that affects multiple platforms, including Android (Samsung and Pixel devices) and Windows. Remote code execution means an attacker could run programs on your device without your permission...
CVE-2025-54957
CVE-2025-54957 affects Dolby UDC (Unified Decoder) versions 4.5–4.13 and is triggered while processing a DD+/EMDF payload in the decoder. The root cause is an integer overflow in evo_malloc computing total_size, leading to a too-small allocation, combined with a write loop that can exceed the all...
PT-2025-42572
Name of the Vulnerable Software and Affected Versions: Dolby UDC versions 4.5 through 4.13. Description: An out-of-bounds write exists in the Dolby Unified Decoder (UDC) when processing malformed Dolby Digital Plus (DD+) bitstreams. The issue occurs in the evo priv.c file during the processing of...