Godot MCP 操作系统命令注入漏洞

Godot MCP is an MCP server developed by Solomon Elias, designed for interfacing with the Godot game engine. Versions of Godot MCP prior to 0.1.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the executeOperation function, which directly...

An Efficient Secret Communication Scheme for the Bosonic Wiretap Channel

We propose a new secret communication scheme over the bosonic wiretap channel. It uses readily available hardware such as lasers and direct photodetectors. The scheme is based on randomness extractors, pulse-position modulation, and Reed-Solomon codes and is therefore computationally efficient. I...

Malicious code in solomon-api-stories (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad178716d1164749c08aa91ccbc456191e1cbafea1b3903f8619c3beb7a6deda The package solomon-api-stories was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199258

Malicious code in solomon-api-stories npm...

EUVD-2025-199257

Malicious code in solomon-v3-stories npm...

MAL-2025-191428 Malicious code in solomon-v3-stories (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a3c2b76ec7ca12640f848ff834bd3a10c3c2f6247a9b372905bf57e2d9f2194 The package solomon-v3-stories was found to contain malicious code. Source: ghsa-malware...

Malicious code in solomon-v3-stories (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a3c2b76ec7ca12640f848ff834bd3a10c3c2f6247a9b372905bf57e2d9f2194 The package solomon-v3-stories was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199256

Malicious code in solomon-v3-ui-wrapper npm...

MAL-2025-191429 Malicious code in solomon-v3-ui-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc1913e7f746026b2bdfcb099e4e6cc55dd56a41c2a5cf50bfc9e9ce075b75e The package solomon-v3-ui-wrapper was found to contain malicious code. Source: ghsa-malware...

Malicious code in solomon-v3-ui-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc1913e7f746026b2bdfcb099e4e6cc55dd56a41c2a5cf50bfc9e9ce075b75e The package solomon-v3-ui-wrapper was found to contain malicious code. Source: ghsa-malware...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Fair Data Exchange with Constant-Time Proofs

The Fair Data Exchange FDE protocol introduced at CCS 2024 offers atomic pay-per-file transfers with constant-size proofs, but its prover and verifier runtimes still scale linearly with the file length n. We collapse these costs to essentially constant by viewing the file as a rate-1 Reed-Solomon...

The Tangent Space Attack

We propose a new method for retrieving the algebraic structure of a generic alternant code given an arbitrary generator matrix, provided certain conditions are met. We then discuss how this challenges the security of the McEliece cryptosystem instantiated with this family of codes. The central...

Brett Solomon on Digital Rights

Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. Hes written a blog post about what hes learned and what comes next...

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft has emphasized the need for securing internet-exposed operational technology OT devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and...

solomon.k12.az.us Cross Site Scripting vulnerability OBB-3875014

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-28995

Cross-Site Request Forgery CSRF vulnerability in Keith Solomon Configurable Tag Cloud CTC plugin = 5.2 versions...

CVE-2023-28995

Cross-Site Request Forgery CSRF vulnerability in Keith Solomon Configurable Tag Cloud CTC plugin = 5.2 versions...