
9137 matches found

Positive Technologies
added 2025/05/08 12:0 a.m. · 2 views

PT-2025-25781

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel's MCTP implementation has been resolved. The issue occurs in the mctp_dump_addrinfo function when ifa_index is accessed without proper initialization,...

CVSS 6 · AI score 6.6 · EPSS 0.00155
Exploits: 0
NVD
added 2025/05/07 7:16 p.m. · 22 views

CVE-2025-30147

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD 0x06,...

CVSS 8.7 · EPSS 0.00238
Exploits: 0 · References: 2
CVE
added 2025/05/07 6:27 p.m. · 54 views

CVE-2025-30147

Hyperledger Besu relies on besu-native to implement ALTBN128_ADD, ALTBN128_MUL, and ALTBN128_PAIRING precompiles. From Besu 24.7.1 through 25.2.2 (besu-native 0.9.0–1.2.1), a consensus bug could arise because the gnark-crypto bn254 implementation used for these precompiles did not perform proper ...

CVSS 8.7 · AI score 6.3 · EPSS 0.00238
Exploits: 0 · References: 2
Vulnrichment
added 2025/05/07 6:27 p.m. · 11 views

CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD 0x06,...

CVSS 8.7 · AI score 6.3 · EPSS 0.00238
Exploits: 0 · References: 2
Cvelist
added 2025/05/07 6:27 p.m. · 28 views

CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD 0x06,...

CVSS 8.7 · EPSS 0.00238
Exploits: 0 · References: 2
OSV
added 2025/05/07 6:27 p.m. · 13 views

CVE-2025-30147 ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve

Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD 0x06,...

CVSS 8.7 · AI score 6.7 · EPSS 0.00238
Exploits: 0 · References: 4
CNNVD
added 2025/05/07 12:0 a.m. · 3 views

Hyperledger Besu Security Vulnerability

Hyperledger Besu is a Hyperledger open source application. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Hyperledger Besu versions 24.7.1 through 25.2.2, which stems from a precompiled implementation issue that could lead to a...

CVSS 8.7 · AI score 6.5 · EPSS 0.00238
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/07 12:0 a.m. · 4 views

PT-2025-20226 · Unknown · Smaily For Wp

Name of the Vulnerable Software and Affected Versions: Smaily for WP versions 3.1.6 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 3.1.6 and earlier,...

CVSS 5.4 · AI score 6.4 · EPSS 0.00124
Exploits: 0 · References: 4
Packet Storm News
added 2025/05/07 12:0 a.m. · 2 views

Preparing for the Post Quantum Era: Quantum Ready Architecture for Security and Risk Management (QUASAR) -- a Strategic Framework for Cybersecurity

As quantum computing progresses, traditional cryptographic systems face the threat of obsolescence due to the capabilities of quantum algorithms. This paper introduces the Quantum-Ready Architecture for Security and Risk Management (QUASAR), a novel framework designed to help organizations prepare...

AI score 7
Exploits: 0
Hacker One
added 2025/05/06 11:59 p.m. · 13 views

Node.js: HashDoS in V8

The V8 release used in Node.js v24.0.0 changed how string hashes were computed using rapidhash. This implementation reintroduced the HashDoS vulnerability, where an attacker who could control the strings to be hashed could generate many hash collisions without knowing the hash-seed...

CVSS 7.5 · AI score 7 · EPSS 0.00771
Exploits: 0
Vulnrichment
added 2025/05/05 7:32 p.m. · 10 views

CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

CVSS 6.8 · AI score 6.7 · EPSS 0.00411
Exploits: 1 · References: 2
OpenVAS
added 2025/05/05 12:0 a.m. · 17 views

Fedora: Security Advisory (FEDORA-2025-b1804b97fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.1 · EPSS 0.0058
Exploits: 0 · References: 2
Tenable Nessus
added 2025/05/04 12:0 a.m. · 10 views

Fedora 40 : chromium (2025-b1804b97fc)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b1804b97fc advisory. Update to 136.0.7103.59 CVE-2025-4096: Heap buffer overflow in HTML CVE-2025-4050: Out of bounds memory access in DevTools CVE-2025-4051: Insufficie...

CVSS 9.8 · AI score 7.6 · EPSS 0.0058
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/03 1:16 a.m. · 20 views

CVE-2025-4143

The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in:...

CVSS 6.1 · AI score 6.9 · EPSS 0.00268
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/03 1:16 a.m. · 17 views

CVE-2025-4144

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp. However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

CVSS 9.8 · AI score 6.7 · EPSS 0.00491
Exploits: 0 · References: 3
Fedora
added 2025/05/03 1:11 a.m. · 5 views

[SECURITY] Fedora 41 Update: ntpd-rs-1.5.0-1.fc41

Full-featured implementation of NTP with NTS support...

AI score 7.3
Exploits: 0
Fedora
added 2025/05/03 1:11 a.m. · 5 views

[SECURITY] Fedora 40 Update: ntpd-rs-1.5.0-1.fc40

Full-featured implementation of NTP with NTS support...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/05/03 12:0 a.m. · 4 views

Energy-Efficient NTT Sampler for Kyber Benchmarked on FPGA

Kyber is a lattice-based key encapsulation mechanism selected for standardization by the NIST Post-Quantum Cryptography (PQC) project. A critical component of Kyber's key generation process is the sampling of matrix elements from a uniform distribution over the ring R_q. This step is one of the mos...

AI score 7.3
Exploits: 0
Microsoft Secure
added 2025/05/01 4:0 p.m. · 12 views

Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

Happy World Passkey Day! As the world shifts from passwords to passkeys, we’re excited to join the FIDO Alliance in leaving “World Password Day” behind to celebrate the very first “World Passkey Day.” To commemorate this renaming, Microsoft and dozens of other organizations have taken the Passkey...

AI score 7.5
Exploits: 0
OSV
added 2025/05/01 3:31 a.m. · 10 views

GHSA-VH4H-FVQF-Q9WV Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...

CVSS 5.3 · AI score 6.9 · EPSS 0.00491
Exploits: 0 · References: 2