9136 matches found

RedhatCVE
added 2025/07/28 10:21 a.m. · 4 views

CVE-2022-50237

A flaw was found in ed25519-dalek. The Keypair implementation allows an attacker to compute a private key by observing signatures generated with corresponding public keys. This public key signing function oracle attack does not require authentication. An unauthenticated attacker can extract the...

5.9 CVSS · 5.9 AI score · 0.00177 EPSS
Exploits: 0 · References: 6
Github Security Blog
added 2025/07/28 3:31 a.m. · 7 views

Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description: The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...

5.9 CVSS · 7.1 AI score · 0.00177 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Packet Storm News
added 2025/07/28 12:0 a.m. · 2 views

Collusion Resistant DNS with Private Information Retrieval

There has been a growing interest in Internet user privacy, demonstrated by the popularity of privacy-preserving products such as Telegram and Brave, and the widespread adoption of HTTPS. The Domain Name System (DNS) is a key component of Internet-based communication and its privacy has been...

6.7 AI score
Exploits: 0
CNNVD
added 2025/07/27 12:0 a.m. · 3 views

snow crate security vulnerability

snow crate is a Rust implementation of the Noise Protocol Framework by the individual developer Jake McGinty. A security vulnerability exists in snow crate versions prior to 0.9.5, which stems from the use of stateful TransportState that can lead to message delivery rejection...

4.3 CVSS · 6.3 AI score · 0.00371 EPSS
Exploits: 0 · References: 4
Akamai Blog
added 2025/07/25 7:0 p.m. · 4 views

Beyond Perimeter Defense: Implementing Zero Trust in Federal Agencies

Learn how to address cybersecurity in this new perimeter-less world and get six steps to achieving Least Permissive Trust for federal agencies...

7.3 AI score
Exploits: 0
Debian CVE
added 2025/07/25 3:27 p.m. · 6 views

CVE-2025-38467

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling. If there's support for another console device such as a TTY serial, the kernel occasionally panics during boot. The panic message and a relevant snippet of the call...

5.5 CVSS · 5.5 AI score · 0.00161 EPSS
Exploits: 0
OSV
added 2025/07/25 12:53 p.m. · 4 views

CVE-2025-38388 firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context. The current use of a mutex to protect the notifier hashtable accesses can lead to issues in the atomic context. It results in the below kernel warnings:...

5.5 CVSS · 6.1 AI score · 0.00117 EPSS
Exploits: 0 · References: 6
Cvelist
added 2025/07/25 12:53 p.m. · 13 views

CVE-2025-38388 firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context. The current use of a mutex to protect the notifier hashtable accesses can lead to issues in the atomic context. It results in the below kernel warnings:...

0.00117 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2025/07/25 12:0 a.m. · 4 views

NewStart CGSL MAIN 7.02 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2025-0204)

The remote NewStart CGSL host, running version MAIN 7.02, has qt5-qtbase packages installed that are affected by multiple vulnerabilities: - An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2...

9.8 CVSS · 7.4 AI score · 0.00986 EPSS
Exploits: 0 · References: 9
Positive Technologies
added 2025/07/25 12:0 a.m. · 2 views

PT-2025-30797 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc3+ 23 Description: The Linux kernel contains a flaw in the NVME over TCP implementation related to suspicious RCU (Read-Copy-Update) usage within the nvme mpath add sysfs link function. This issue manifes...

6.2 AI score · 0.00129 EPSS
Exploits: 0 · References: 7
OSV
added 2025/07/22 5:47 a.m. · 4 views

BIT-NODE-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...

7.5 CVSS · 7 AI score · 0.00771 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/07/22 12:0 a.m. · 6 views

PT-2025-30423 · Unknown · Ai2 Playground Web Service

Name of the Vulnerable Software and Affected Versions: Ai2 playground web service versions prior to 2025-06-04 Description: The Ai2 playground web service is susceptible to an Insecure Direct Object Reference (IDOR) issue. This allows attackers to access sensitive information by enumerating thread...

8.8 CVSS · 6 AI score · 0.00367 EPSS
Exploits: 0 · References: 5
OSV
added 2025/07/21 2:45 p.m. · 2 views

SUSE-SU-2025:02447-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107)...

5.9 CVSS · 6.4 AI score · 0.01114 EPSS
Exploits: 0 · References: 3
Snyk
added 2025/07/18 4:42 p.m. · 3 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the updateCache function in the buildimplementation.go file. An attacker can gain unauthorized access to modify critical system files by exploiting overly permissive file permissions. Remediation: Upgrad...

7.1 CVSS · 7.1 AI score · 0.00118 EPSS
Exploits: 0 · References: 2
Packet Storm News
added 2025/07/18 12:0 a.m. · 3 views

Quantum Blockchain Survey: Foundations, Trends, and Gaps

Quantum computing poses fundamental risks to classical blockchain systems by undermining widely used cryptographic primitives. In response, two major research directions have emerged: post-quantum blockchains, which integrate quantum-resistant algorithms, and quantum blockchains, which leverage...

6.9 AI score
Exploits: 0
Vulnrichment
added 2025/07/17 5:54 p.m. · 4 views

CVE-2025-53638 Solady lacks extcodesize validation on implementation in ERC4337Factory

Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return...

6.9 CVSS · 6.4 AI score · 0.00316 EPSS
Exploits: 0 · References: 2
Packet Storm News
added 2025/07/17 12:0 a.m. · 1 views

Manipulation Attacks by Misaligned AI: Risk Analysis and Safety Case Framework

Frontier AI systems are rapidly advancing in their capabilities to persuade, deceive, and influence human behaviour, with current models already demonstrating human-level persuasion and strategic deception in specific contexts. Humans are often the weakest link in cybersecurity systems, and a...

7 AI score
Exploits: 0
Debian CVE
added 2025/07/16 2:0 p.m. · 8 views

CVE-2025-40918

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

6.5 CVSS · 5.3 AI score · 0.00394 EPSS
Exploits: 0
Packet Storm News
added 2025/07/16 12:0 a.m. · 5 views

On the Consideration of Vanity Address Generation Via Identity-Based Signatures

An address is indicated as an identifier of the user on the blockchain, and is defined by a hash value of the ECDSA verification key. A vanity address is an address that embeds custom characters such as a name. To generate a vanity address, a classical try-and-error method is employed, and thus t...

7.1 AI score
Exploits: 0
Filippo.io
added 2025/07/14 3:17 p.m. · 7 views

Encrypting Files with Passkeys and age

Typage (age-encryption on npm) is a TypeScript implementation of the age file encryption format. It runs with Node.js, Deno, Bun, and browsers, and implements native age recipients, passphrase encryption, ASCII armoring, and supports custom recipient interfaces, like the Go implementation. However...

6.8 AI score
Exploits: 0