83899 matches found
PT-2025-49690
In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak for_each_pci_dev is implemented by pci_get_device. The comment of pci_get_device says that it will increase the reference count for the returned pci_dev and also decrease the reference...
Amazon Linux 2023 : amd-ucode-firmware, iwl100-firmware, iwl105-firmware (ALAS2023-2025-1307)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1307 advisory. Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. CVE-2025-54514 Improper...
Fiber Utils Security Feature Issue Vulnerability
Fiber Utils is a general-purpose function library in the Fiber open source. A security feature issue vulnerability exists in Fiber Utils 2.0.0-rc.3 and earlier versions, which stems from the return of a predictable UUID on failure of the random number generator, which could lead to compromised...
GHSA-M98W-CQP3-QCQR Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Summary Critical security vulnerabilities exist in both the UUIDv4 and UUID functions of the github.com/gofiber/utils package. When the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, the zero UUID...
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Summary Critical security vulnerabilities exist in both the UUIDv4 and UUID functions of the github.com/gofiber/utils package. When the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, the zero UUID...
XenServer Security Update for CVE-2025-62626
Severity: Medium Description of Problem A hardware issue has been identified in AMD Zen 5 CPU devices that may cause those CPUs to return a value of zero more frequently than statistically expected when asked to generate a random value. This may compromise e.g. cryptographic keys that are generat...
ALTCHA Security Vulnerability
ALTCHA is a self-hosted CAPTCHA software from ALTCHA Open Source. A security vulnerability exists in ALTCHA that stems from a cryptanalysis flaw that could lead to the recovery of random numbers through mathematical derivation...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a double-released GPIO device that could lead to random failures...
Important: linux-firmware
Issue Overview: Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. CVE-2025-54514 Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence...
A Comprehensive Study of Supervised Machine Learning Models for Zero-Day Attack Detection: Analyzing Performance on Imbalanced Data
Among the various types of cyberattacks, identifying zero-day attacks is problematic because they are unknown to security systems as their pattern and characteristics do not match known blacklisted attacks. There are many Machine Learning (ML) models designed to analyze and detect network attacks,...
Smart Surveillance: Identifying IoT Device Behaviours Using ML-Powered Traffic Analysis
The proliferation of Internet of Things (IoT) devices has grown exponentially in recent years, introducing significant security challenges. Accurate identification of the types of IoT devices and their associated actions through network traffic analysis is essential to mitigate potential threats. B...
CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key
Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attacker to take away a 2FA webauthn device when correctly guessing an 80-128 character long random string of letters, numbers and symbols. The victim would...
CVE-2025-66558
The issue affects Nextcloud Twofactor WebAuthn (WebAuthn Two-Factor Provider). Before versions 1.4.2 and 2.4.1, a missing ownership check allowed an attacker to remove a victim’s WebAuthn 2FA device by correctly guessing an 80–128 character random string. After a successful guess, the victim was ...
Malicious code in rendom (PyPI)
Source: kam193 1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...
MAL-2025-192323 Malicious code in rendom (PyPI)
Source: kam193 1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced.
Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
EUVD-2025-201326
Malicious code in seeds-random npm...
Malicious code in seeds-random (npm)
Source: amazon-inspector 795bbcfb5b0465693171101c152402cfb2b6c877bc4359dbb68b2844b905bcd9 The package seeds-random was found to contain malicious code. Source: ghsa-malware 47de9449cd7355e6e5c74ef85fbc39aceee380dfb0dbbb1f557dda15431d1ff6 A...
MAL-2025-192315 Malicious code in seeds-random (npm)
Source: amazon-inspector 795bbcfb5b0465693171101c152402cfb2b6c877bc4359dbb68b2844b905bcd9 The package seeds-random was found to contain malicious code. Source: ghsa-malware 47de9449cd7355e6e5c74ef85fbc39aceee380dfb0dbbb1f557dda15431d1ff6 A...