9558 matches found

vulnersOsv
added 2025/08/14 6:52 p.m. | 2 views

@mattdesl/quick-stub (>=1.0.0 <=3.0.1), brick (=0.0.0) +15 more potentially affected by unknown CVE via variable-name (>=0.0.1 <=0.0.2)

variable-name NPM version =0.0.1, =1.0.0, =0.0.0, =0.0.0, =0.0.0, =0.1.0, =0.0.0, =1.0.0, =0.0.0, =1.2.0, =7.0.0, =1.0.0, =0.0.0, =1.1.1, =1.0.0, =1.9.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-38145...

AI score: 5.8
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-38145 Malicious code in variable-name (npm)

The package variable-name was found to contain malicious code...

AI score: 7.2
Exploits: 0
OSV
added 2025/08/14 3:15 p.m. | 2 views

CVE-2025-7972

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.002
Exploits: 0 | References: 1
OSV
added 2025/08/14 10:14 a.m. | 2 views

SUSE-SU-2025:20596-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-5372: ssh_kdf returns a success code on certain failures (bsc#1245314) - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317) - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.01231
Exploits: 0 | References: 13
OSV
added 2025/08/14 9:26 a.m. | 1 view

SUSE-SU-2025:20557-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-5372: ssh_kdf returns a success code on certain failures (bsc#1245314) - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317) - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.01231
Exploits: 0 | References: 13
Packet Storm News
added 2025/08/14 12:00 a.m. | 1 view

Multichannel Hybrid Quantum Cryptography for Submarine Optical Communications

We present a multichannel hybrid quantum cryptography approach intended for submarine quantum optical communications between Alice and Bob separated by a distance beyond the current QKD possibilities, each located on a coastline. It is based on the difficulty of a simultaneous access to $M$ optical...

AI score: 6.9
Exploits: 0
NVD
added 2025/08/13 3:15 p.m. | 2 views

CVE-2025-50635

A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leadin...

CVSS: 7.5 | EPSS: 0.00141
Exploits: 1 | References: 1
Tenable Nessus
added 2025/08/13 12:00 a.m. | 2 views

SUSE SLES12 Security Update : libssh (SUSE-SU-2025:02755-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02755-1 advisory. - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized...

CVSS: 8.1 | AI score: 6.6 | EPSS: 0.002
Exploits: 0 | References: 10
Cvelist
added 2025/08/12 2:02 p.m. | 6 views

CVE-2025-22834 ThirdPartyVideo SetVariable Vulnerability

AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability...

CVSS: 4.2 | EPSS: 0.00026
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/12 2:02 p.m. | 4 views

CVE-2025-22834 ThirdPartyVideo SetVariable Vulnerability

AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability...

CVSS: 4.2 | AI score: 7 | EPSS: 0.00026
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/12 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-49001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow Currently, when detecting vmap stack overflow, risc...

CVSS: 7 | AI score: 6 | EPSS: 0.0006
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/12 12:00 a.m. | 5 views

Fedora 42 : toolbox (2025-e41c694c83)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e41c694c83 advisory. Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum...

CVSS: 9 | AI score: 8.6 | EPSS: 0.00359
Exploits: 4 | References: 3
Tenable Nessus
added 2025/08/12 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-38623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning:...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00248
Exploits: 0 | References: 2
Packet Storm News
added 2025/08/12 12:00 a.m. | 1 view

Generalized Kennedy Receivers Enhanced CV-QKD in Turbulent Channels for Endogenous Security of Space-Air-Ground Integrated Network

Endogenous security in next-generation wireless communication systems has attracted increasing attention in recent years. A typical solution to endogenous security problems is the quantum key distribution (QKD), where unconditional security can be achieved thanks to the inherent properties of quantum...

AI score: 6.8
Exploits: 0
Packet Storm News
added 2025/08/12 12:00 a.m. | 1 view

Surpassing the PLOB Bound in Continuous-Variable Quantum Secret Sharing Using a State-Discrimination Detector

Continuous-variable quantum secret sharing (CVQSS) is a promising approach to ensuring multi-party information security. While CVQSS offers practical ease of implementation, its present performance remains limited. In this paper, we propose a novel CVQSS protocol integrated with a...

AI score: 6.7
Exploits: 0
Positive Technologies
added 2025/08/12 12:00 a.m. | 2 views

PT-2025-32956

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 139.0.7258.127 Description: An out-of-bounds write issue exists in ANGLE within Google Chrome. A remote attacker could potentially perform out-of-bounds memory access through a specially crafted HTML page. The...

CVSS: 10 | AI score: 6.6 | EPSS: 0.00749
Exploits: 0 | References: 67
OSV
added 2025/08/11 1:54 p.m. | 2 views

BIT-LIBPHP-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00345
Exploits: 1 | References: 4
OSV
added 2025/08/11 1:53 p.m. | 1 view

BIT-LIBPHP-2022-4900 Potential buffer overflow in php_cli_server_startup_workers

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow...

CVSS: 6.2 | AI score: 6.9 | EPSS: 0.00065
Exploits: 0 | References: 7
IBM Security Bulletins
added 2025/08/11 6:09 a.m. | 6 views

Security Bulletin: Kafka client library upgraded to kafka-clients-3.9.1

Summary Kafka client library upgraded to kafka-clients-3.9.1. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00156
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2025/08/10 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-46951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00016
Exploits: 0 | References: 2