2118 matches found
WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure
WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. id: CVE-2022-44356 info: name: WAVLINK Quantum D4G WL-WN531G3 - Information Disclosur...
Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites
Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client...
CVE-2026-43867
The CVE concerns Apache Camel’s PQC component where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() Base64-decodes and deserializes persisted KeyMetadata via a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allow-list. A user who can write to the confi...
CVE-2026-43867
Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...
PT-2026-55886
☕ Apache Camel critical alert: CVE-2026-43867 hits the camel-pqc component. Post-quantum key metadata deserialized via ObjectInputStream with zero ObjectInputFilter — unauthenticated RCE risk at CVSS 9.8. Check your Camel builds now. AppSec Apache https://t.co/iaMBNrOfI0 https://t.co/mkIJ19Sd5Y...
MINI-QVM8-9QC4-PHQ3
Bulletin has no description...
Accelerating the quantum-safe timeline
The quantum-safe timeline has changed For years, planning for post-quantum cryptography PQC was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At...
PostgresSQL JDBC -- Silent channel-binding authentication downgrade via unsupported certificate algorithms
PostgreSQL project reports: channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection...
GO-2026-5591 FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory in github.com/gtsteffaniak/filebrowser/backend
FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory in github.com/gtsteffaniak/filebrowser/backend...
CVE-2026-7531 Use-after-free in PQC hybrid key-share handling
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
EUVD-2026-39554
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
CVE-2026-7531
CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...
CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
CVE-2026-7531
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
GO-2026-5089 FileBrowser Quantum: unauthenticated user share share info in github.com/gtsteffaniak/filebrowser
FileBrowser Quantum: unauthenticated user share share info in github.com/gtsteffaniak/filebrowser...
PT-2026-52577
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group
A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used...
CVE-2026-48777
FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted...
CVE-2026-48777 FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory
FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted...