55 matches found
Flight Security Vulnerability
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...
EUVD-2019-15064
Malware in sbrugna...
EUVD-2020-0426
Malware in sbrugna...
CVE-2025-59452
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...
PT-2025-40949
Name of the Vulnerable Software and Affected Versions: YoSmart YoLink versions through 2025-10-02. Description: The YoSmart YoLink API constructs an endpoint URL using a device's MAC address and an MD5 hash of non-secret information, including a key starting with cf50. The API endpoint is derived fr...
EUVD-2022-38761
Malicious code in bioql PyPI...
EUVD-2025-12691
Malicious code in bioql PyPI...
CVE-2025-27532
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to access secret information via multiple crafted HTTP requests...
CVE-2025-27532
CVE-2025-27532 affects ctrlX OS, via the web application's Backup & Restore function. A remote authenticated (low-privileged) attacker can access secret information through multiple crafted HTTP requests. CVSS v3.1 vectors: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (base 6.5). Technical root cause, aff...
GTSD: Generative Text Steganography Based on Diffusion Model
With the rapid development of deep learning, existing generative text steganography methods based on autoregressive models have achieved success. However, these autoregressive steganography approaches have certain limitations. Firstly, existing methods require encoding candidate words according t...
PT-2025-18266 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the “Backup & Restore” functionality of the web application allows a remote authenticated low-privileged attacker to access secret information via multiple crafted HTTP...
Timing Side-channel Attacks
postquantumfeldmanvss is vulnerable to Timing side-channel attacks. The vulnerability is due to Python's non-constant-time execution model, which causes execution time variations in the findsecurepivot and securematrixsolve functions, allowing attackers to infer secret information through precise...
CVE-2025-29780
Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing VSS scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...
GHSA-Q65W-FG65-79F4 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Description: The feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the findsecurepivot function and potentially other parts of securematrixsolve. These vulnerabilities are due to Python's execution model, which does not guarantee...
CVE-2025-29780 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing VSS scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...
PT-2024-15991
Name of the Vulnerable Software and Affected Versions: PAM (affected versions not specified). Description: A vulnerability was found in PAM, where secret information is stored in memory. An attacker can trigger the victim program to execute by sending characters to its standard input stdin, allowing...
RUSTSEC-2023-0079 KyberSlash: division timings depending on secrets
Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...