Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Impact Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: Native Routing WireGuard Node Encryption beta These options are disabled by default in Cilium. Patches This issue was fixed by 42892. This issue affects: Cilium v1.1...

GHSA-5R23-PRX4-MQG3 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Impact Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: Native Routing WireGuard Node Encryption beta These options are disabled by default in Cilium. Patches This issue was fixed by 42892. This issue affects: Cilium v1.1...

GO-2026-4479 Usage of random nonce generation with AES GCM ciphers risks leaking the authentication key in github.com/pion/dtls

Usage of random nonce generation with AES GCM ciphers risks leaking the authentication key in github.com/pion/dtls...

CVE-2026-25998 strongMan vulnerable to private credential recovery due to key and counter reuse

strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...

CVE-2026-25998 strongMan vulnerable to private credential recovery due to key and counter reuse

strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database private keys, EAP secrets, strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization...

CVE-2026-25998

strongMan (the management interface for strongSwan) is vulnerable in versions prior to 0.2.0 due to improper encryption of stored credentials in the database. The software used AES-CTR with a global database key and a single IV for all fields, enabling an attacker with database access to recover ...

go-ethereum 安全漏洞

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained security vulnerabilities. These vulnerabilities stemmed from defects in the ECIES encryption implementation, allowing attackers to extract bits from the keys of p2p nod...

Medium: runfinch-finch

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

PT-2026-20966

Name of the Vulnerable Software and Affected Versions Cilium versions 1.18.0 through 1.18.5 Description Cilium, a networking, observability, and security solution utilizing an eBPF-based dataplane, is affected by an issue where traffic from Pods on other nodes may be incorrectly permitted. This...

uTLS has a fingerprint vulnerability from GREASE ECH mismatch for Chrome parrots

There is a fingerprint mismatch with Chrome when using GREASE ECH, having to do with ciphersuite selection. When Chrome selects the preferred ciphersuite in the outer ClientHello and the ciphersuite for ECH, it does so consistently based on hardware support. That means, for example, if it prefers...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...

Medium: runc

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

GO-2026-4478 Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server

Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption E2EE in Rich Communications Services RCS messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for...

[SECURITY] Fedora 42 Update: gnupg2-2.4.9-2.fc42

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

IBM Security QRadar EDR 加密问题漏洞

IBM Security QRadar EDR is a terminal detection and response software developed by the American multinational company IBM. There are vulnerabilities related to encryption in versions 3.12 to 3.12.23 of IBM Security QRadar EDR. These vulnerabilities stem from the use of encryption algorithms that...