
Filippo.io
added 2025/07/14 3:17 p.m., 7 views

Encrypting Files with Passkeys and age

Typage (age-encryption on npm) is a TypeScript implementation of the age file encryption format. It runs with Node.js, Deno, Bun, and browsers, and implements native age recipients, passphrase encryption, ASCII armoring, and supports custom recipient interfaces, like the Go implementation. However...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2025/07/14 12:0 a.m., 29 views

FreeBSD : liboqs -- Secret-dependent branching in HQC (aeac223e-60e1-11f0-8baa-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the aeac223e-60e1-11f0-8baa-8447094a420f advisory. The OpenQuantumSafe project reports: Secret-dependent branching in HQC reference implementation when...

CVSS 5.9 | AI score 5.5 | EPSS 0.002
Exploits: 0 | References: 3
SUSE Linux
added 2025/07/11 9:21 a.m., 4 views

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: Fixed timing based side-channel in RSA implementation (bsc#1221107). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run t...

CVSS 5.9 | AI score 7.3 | EPSS 0.01114
Exploits: 0 | References: 4
Cvelist
added 2025/07/10 6:42 p.m., 8 views

CVE-2025-52473 liboqs secret-dependent branching in HQC reference implementation when compiled with Clang 17-20

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels...

CVSS 5.9 | EPSS 0.002
Exploits: 0 | References: 2
OSV
added 2025/07/10 5:41 p.m., 5 views

GHSA-275G-G844-73JH Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly pass relation types provided by those room members into this method, when used with the defau...

CVSS 7.7 | AI score 8.6 | EPSS 0.00254
Exploits: 0 | References: 6
OSV
added 2025/07/09 10:42 a.m., 3 views

CVE-2025-38250 Bluetooth: hci_core: Fix use-after-free in vhci_flush()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread closed a vhci file descriptor while its device was being used by ioctl on another thread...

CVSS 7.8 | AI score 6.1 | EPSS 0.00142
Exploits: 0 | References: 8
OSV
added 2025/07/09 8:3 a.m., 2 views

MINI-R7CP-9FM8-F7G5

Bulletin has no description...

CVSS 8.1 | AI score 7.2 | EPSS 0.0144
Exploits: 0
CNNVD
added 2025/07/07 12:0 a.m., 3 views

Marvell QConvergeConsole path traversal vulnerability

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the QLogicDownloadImpl class. An attacker could exploit the vulnerability to delete files and disclose...

CVSS 9.4 | AI score 6.4 | EPSS 0.12281
Exploits: 1 | References: 1
Positive Technologies
added 2025/07/07 12:0 a.m., 5 views

PT-2025-30877

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the TCP implementation related to the calculation of remaining space in socket buffers (skb). Specifically, an incorrect signedness check during the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00146
Exploits: 0
Cvelist
added 2025/07/04 10:5 p.m., 7 views

CVE-2025-53366 MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually...

CVSS 8.7 | EPSS 0.05693
Exploits: 0 | References: 3
NVD
added 2025/07/04 3:15 a.m., 7 views

CVE-2025-6238

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

CVSS 8 | EPSS 0.00303
Exploits: 0 | References: 4
Cvelist
added 2025/07/04 1:44 a.m., 14 views

CVE-2025-6238 AI Engine 2.8.4 - Insecure OAuth Implementation

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the...

CVSS 8 | EPSS 0.00303
Exploits: 0 | References: 4
Trend Micro Simply Security
added 2025/07/03 12:0 a.m., 5 views

AI Dilemma: Emerging Tech as Cyber Risk Escalates

As AI adoption accelerates, businesses face mounting cyber threats—and urgent choices about secure implementation...

AI score 7.3
Exploits: 0
IBM Security Bulletins
added 2025/06/30 10:35 a.m., 6 views

Security Bulletin: Unclear documentation of the error behavior in `ParseWithClaims` affects watsonx.data

Summary: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 | AI score 5.9 | EPSS 0.00521
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/06/27 10:27 a.m., 4 views

CVE-2025-41647

A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions...

CVSS 5.5 | AI score 7.3 | EPSS 0.00088
Exploits: 0 | References: 1
CNNVD
added 2025/06/27 12:0 a.m., 1 views

hosporder injection vulnerability

hosporder is a hospital appointment registration system by the individual developer Xiaohao.Shi in China. There is an injection vulnerability in hosporder, which originates from a SQL injection due to the incorrect operation of the parameter hospitalName in the file DoctorServiceImpl.java...

CVSS 6.5 | AI score 6.9 | EPSS 0.00231
Exploits: 0 | References: 4
Akamai Blog
added 2025/06/26 10:20 a.m., 6 views

Why We Chose Rust For Spin

When Fermyon set out to implement Spin, the decision to use Rust wasn't just logical — it felt inevitable...

AI score 5.7
Exploits: 0
RedhatCVE
added 2025/06/26 6:17 a.m., 16 views

CVE-2025-2962

A denial-of-service issue in the DNS implementation could cause an infinite loop...

CVSS 7.5 | AI score 7.2 | EPSS 0.00485
Exploits: 1 | References: 1
Cvelist
added 2025/06/25 6:1 p.m., 8 views

CVE-2025-5823 Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability

Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is...

CVSS 4.9 | EPSS 0.00453
Exploits: 0 | References: 1
Fedora
added 2025/06/25 1:43 a.m., 7 views

[SECURITY] Fedora 41 Update: mirrorlist-server-3.0.7-7.fc41

The mirrorlist-server uses the data created by MirrorManager2 (https://github.com/fedora-infra/mirrormanager2) to answer client requests for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

CVSS 8.8 | AI score 7.3 | EPSS 0.00443
Exploits: 1