69 matches found

Packet Storm News
added 2025/07/28 12:00 a.m. · 1 view

A Novel Post-Quantum Secure Digital Signature Scheme Based on Neural Network

Digital signatures are fundamental cryptographic primitives that ensure the authenticity and integrity of digital documents. In the post-quantum era, classical public key-based signature schemes become vulnerable to brute-force and key-recovery attacks due to the computational power of quantum...

6.9 AI score
Exploits: 0
OSV
added 2025/07/18 11:15 p.m. · 2 views

CVE-2025-7396

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519...

4.6 CVSS · 7.2 AI score
Exploits: 0 · References: 1
Packet Storm News
added 2025/07/15 12:00 a.m. · 1 view

Finite-Correlation-Secure Quantum Key Distribution

Correlation between different pulses is a nettlesome problem in quantum key distribution (QKD). All existing solutions for this problem need to characterize the strength of the correlation, which may reduce the security of QKD to an accurate characterization. In this article, we propose a new...

6.8 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 2:11 a.m. · 4 views

CVE-2023-30993

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136...

7.5 CVSS · 6.4 AI score · 0.00082 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 5:06 p.m. · 6 views

CVE-2020-11500

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key...

7.5 CVSS · 7 AI score · 0.00135 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 4:11 p.m. · 5 views

CVE-2020-11719

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key...

7.5 CVSS · 7 AI score · 0.00356 EPSS
Exploits: 0 · References: 1
Github Security Blog
added 2025/04/02 3:31 p.m. · 26 views

Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins...

4.3 CVSS · 6.9 AI score · 0.00937 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2025/03/20 12:00 a.m. · 1 view

PT-2025-12313 · Unknown · Berriai/Litellm

Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.52.1 Description: An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and...

7.5 CVSS · 7.3 AI score · 0.00368 EPSS
Exploits: 1 · References: 12
Cvelist
added 2025/03/19 3:38 p.m. · 11 views

CVE-2025-30197

Jenkins Zoho QEngine Plugin 1.0.29.vfacc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it...

0.00092 EPSS
Exploits: 0 · References: 1
CVE
added 2025/01/20 9:07 p.m. · 64 views

CVE-2024-13454

CVE-2024-13454 affects Easy-RSA versions 3.0.5 through 3.1.7. The root cause is a weak encryption algorithm when the private CA key is created using OpenSSL 3, enabling a local attacker to more easily bruteforce the private CA key. Impact is limited to confidentiality/integrity of the CA key as i...

5.3 CVSS · 6.8 AI score · 0.00017 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Schneier on Security
added 2024/12/19 3:24 p.m. · 11 views

Mailbox Insecurity

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox. I get that a single master key makes the whole system easier, but it's very fragile security...

7.2 AI score
Exploits: 0
OSV
added 2024/11/27 3:33 a.m. · 4 views

MAL-2024-11052 Malicious code in mssr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 320cac8994c25e1a950677ac5dfd7d3635f0c8b9f255058719ff9b8602063050 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 3
Microsoft CVE
added 2024/10/15 7:00 a.m. · 2 views

wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion

...

5.5 CVSS · 6.6 AI score · 0.00019 EPSS
Exploits: 0
FreeBSD
added 2024/10/09 12:00 a.m. · 23 views

Gitlab -- vulnerabilities

Gitlab reports: Run pipelines on arbitrary branches An attacker can impersonate arbitrary user SSRF in Analytics Dashboard Viewing diffs of MR with conflicts can be slow HTMLi in OAuth page Deploy Keys can push changes to an archived repository Guests can disclose project templates GitLab instanc...

9.6 CVSS · 7.3 AI score · 0.01391 EPSS
Exploits: 2 · References: 1
Positive Technologies
added 2024/06/18 12:00 a.m. · 4 views

PT-2024-27916 · Alt Linux · Alt Linux

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the generation of unique keys for QR login and auto-login. Currently, the same key can be used interchangeably between the two, which is insecure. A unique key...

8.8 CVSS · 5.5 AI score · 0.88917 EPSS
Exploits: 8 · References: 74
Cvelist
added 2024/06/12 1:58 p.m. · 19 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key (https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body) restricts search for a given index using the query or the field_security parameter, an...

6.5 CVSS · 0.00206 EPSS
Exploits: 0 · References: 1
OSV
added 2024/03/27 6:15 p.m. · 3 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

6.5 CVSS · 7.3 AI score
Exploits: 0 · References: 1
CVE
added 2024/03/27 6:03 p.m. · 329 views

CVE-2024-23451

Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...

6.5 CVSS · 4.7 AI score · 0.00341 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/02/06 12:00 a.m. · 1 view

RustDesk Security Breach

RustDesk is a remote access and remote control software, mainly written in Rust, to remotely maintain computers and other devices. A security vulnerability exists in RustDesk version 1.2.3, which stems from the lack of public documentation on private key security measures...

9.8 CVSS · 6.8 AI score · 0.00292 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2024/02/04 2:11 p.m. · 23 views

CVE-2023-6240 Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

6.5 CVSS · 6.6 AI score · 0.00076 EPSS
Exploits: 0 · References: 11