9137 matches found
[SECURITY] Fedora 42 Update: libqtxdg-4.1.0-6.fc42
QtXdg, a Qt5 implementation of XDG standards...
GHSA-2X5J-VHC8-9CWM CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Impact: The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security. Moreover, there is an incorrect point validation in ScalarMult that can lead to...
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Impact: The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security. Moreover, there is an incorrect point validation in ScalarMult that can lead to...
CVE-2025-49133
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out-of-bounds (OOB) read vulnerability. The...
NewStart CGSL MAIN 7.02 : wpa_supplicant Vulnerability (NS-SA-2025-0087)
The remote NewStart CGSL host, running version MAIN 7.02, has wpa_supplicant packages installed that are affected by a vulnerability: - The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the...
Secure Distributed Learning for CAVs: Defending against Gradient Leakage with Leveled Homomorphic Encryption
Federated Learning (FL) enables collaborative model training across distributed clients without sharing raw data, making it a promising approach for privacy-preserving machine learning in domains like Connected and Autonomous Vehicles (CAVs). However, recent studies have shown that exchanged model...
What Really Is a Member? Discrediting Membership Inference Via Poisoning
Membership inference tests aim to determine whether a particular data point was included in a language model's training set. However, recent works have shown that such tests often fail under the strict definition of membership based on exact matching, and have suggested relaxing this definition t...
PT-2025-23819 · Cisco · Cisco Nexus Dashboard Fabric Controller
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller (NDFC) versions prior to 12.2.3. Description: A vulnerability exists in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) due to insufficient SSH host key validation. This allows an...
GO-2025-3722 Fabio allows HTTP clients to manipulate custom headers it adds in github.com/fabiolb/fabio
Fabio allows HTTP clients to manipulate custom headers it adds in github.com/fabiolb/fabio...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend)
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-48948 DESCRIPTION: The Elliptic...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML (Python) prior to 4.0.4 is vulnerable to an algorithm confusion attack when verifying signatures with require_x509=False and hmac_key is set, allowing an attacker to forge a signature under a different algorithm if the expected signature algorithms are not restricted (verify(expect_config...
CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-5065 Inappropriate implementation in FileSystemAccess API
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
MINI-G235-733J-7RW6
Bulletin has no description...
KLA84553 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in FileSystemAccess API can be exploited to cause denial of...
A Tertiary Review on Quantum Cryptography
Quantum computers pose an immense threat to system security. As a countermeasure, new cryptographic classes have been created to prevent these attacks, including technologies such as post-quantum cryptography and quantum cryptography. Quantum cryptography uses the principle of quantum physics to produce...
CVE-2025-5281
Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Chromium security severity: Medium...
PT-2025-22967 · Fortinet · Fortinet Ssl/Tls Implementation
Name of the Vulnerable Software and Affected Versions: Fortinet SSL/TLS Implementation (affected versions not specified). Description: The issue concerns a vulnerability in the SSL/TLS implementation. No specific details about the nature of the vulnerability, affected devices, or real-world incident...