42 matches found

CNNVD
added 2026/06/11 12:0 a.m. | 10 views

Quest Bot Security Vulnerability

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the AutoMod deletion process not verifying the server to which the rules belong, potential...

CVSS 8.3 | AI score 5.3 | EPSS 0.00307
Exploits: 0 | References: 1

EUVD
added 2026/04/22 9:31 p.m. | 6 views

EUVD-2026-22844

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...

CVSS 8.8 | AI score 5.8 | EPSS 0.00399
Exploits: 0 | References: 6

CNNVD
added 2026/03/17 12:0 a.m. | 5 views

HCL Sametime Security Vulnerability

HCL Sametime is a conference solution developed by the Indian company HCL. HCL Sametime has a security vulnerability, which stems from incomplete server-side verification. This vulnerability could allow attackers to bypass client input checks by sending manipulated HTTP requests directly to the...

CVSS 2.7 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/16 6:56 a.m. | 7 views

CVE-2025-14022

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of netwo...

CVSS 7.7 | AI score 6.6 | EPSS 0.00161
Exploits: 0 | References: 1

Snyk
added 2025/12/16 4:57 a.m. | 3 views

Authentication Bypass by Alternate Name

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the ResourceSetService and PermissionTicketService modules due to...

CVSS 7 | AI score 5.8 | EPSS 0.00315
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/15 6:43 a.m. | 3 views

CVE-2025-14022

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of netwo...

CVSS 7.7 | AI score 6.2 | EPSS 0.00161
Exploits: 0 | References: 1

OSV
added 2025/11/21 11:15 p.m. | 3 views

CVE-2025-11932

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder...

CVSS 4.3 | AI score 6.5
Exploits: 0 | References: 1

CVE
added 2025/11/21 11:1 p.m. | 574 views

CVE-2025-11932

CVE-2025-11932 describes a timing side-channel in TLS 1.3 PSK binder verification, where a non-constant-time check could leak information about the PSK binder. The connected Nessus/OSV/DEBIAN listings corroborate a vulnerability in wolfSSL-related TLS/PSK processing and reference a changelog noti...

CVSS 4.3 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2025/11/21 11:1 p.m. | 6 views

CVE-2025-11932

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder...

CVSS 4.3 | AI score 5.2 | EPSS 0.0024
Exploits: 0

NVD
added 2025/11/11 11:15 a.m. | 3 views

CVE-2025-12788

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-controlled payment confirmation data in the...

CVSS 5.3 | EPSS 0.00285
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-7426

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00266
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-6746

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00292
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-6642

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00266
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-5893

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00271
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-5568

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00271
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2014-5686

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00297
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 14 views

EUVD-2023-0132

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 7.4 | EPSS 0.00229
Exploits: 0 | References: 10

Packet Storm News
added 2025/05/20 12:0 a.m. | 5 views

SVAFD: a Secure and Verifiable Co-Aggregation Protocol for Federated Distillation

Secure Aggregation (SA) is an indispensable component of Federated Learning (FL) that concentrates on privacy preservation while allowing for robust aggregation. However, most SA designs rely heavily on the unrealistic assumption of homogeneous model architectures. Federated Distillation (FD), which...

AI score 6.9
Exploits: 0

Fedora
added 2025/02/12 1:37 a.m. | 9 views

[SECURITY] Fedora 41 Update: bind-9.18.33-1.fc41

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.5 | AI score 7.5 | EPSS 0.15664
Exploits: 0

CNNVD
added 2024/07/15 12:0 a.m. | 3 views

Mattermost Mobile Apps Security Vulnerability

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.16.0 and prior versions that stems from receiving push notifications without verifying that they are actually coming from the server they claim to be...

CVSS 6.5 | AI score 6.4 | EPSS 0.00208
Exploits: 0 | References: 2