
25119 matches found

Debian
added 2026/02/12 7:46 p.m. | 8 views

[SECURITY] [DSA 6131-1] nginx security update

Debian Security Advisory DSA-6131-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq -...

CVSS 8.2 | AI score 5.5 | EPSS 0.0002
Exploits: 0
CVE
added 2026/02/12 7:38 p.m. | 18 views

CVE-2026-25922

The vulnerability CVE-2026-25922 affects authentik (open-source identity provider) prior to versions 2025.8.6, 2025.10.4, and 2025.12.4. When a SAML Source has Verify Assertion Signature enabled and not Verify Response Signature, or when Encryption Certificate is not configured under Advanced Pro...

CVSS 8.8 | AI score 5.4 | EPSS 0.00012
Exploits: 0 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/02/12 7:38 p.m. | 3 views

CVE-2026-25922

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | AI score 5.4 | EPSS 0.00012
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/02/12 7:38 p.m. | 26 views

CVE-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | EPSS 0.00012
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/12 7:38 p.m. | 4 views

CVE-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | AI score 5.6 | EPSS 0.00012
Exploits: 0 | References: 4
RedHat Linux
added 2026/02/12 3:15 p.m. | 2 views

kernel: cifs: fix oops during encryption

An out-of-bounds memory access vulnerability exists in the Linux kernel, such that a stack-allocated buffer backed by vmalloc was passed into crypto code scatterwalk_map_and_copy → memcpy where a cross-page write occurred. This ended up hitting a read-only mapping, causing a page-level fault and...

CVSS 5.5 | AI score 7.5 | EPSS 0.00012
Exploits: 0 | References: 5
Packet Storm News
added 2026/02/12 12:0 a.m. | 2 views

DRAMatic Speedup: Accelerating HE Operations on a Processing-In-Memory System

Homomorphic encryption (HE) is a promising technology for confidential cloud computing, as it allows computations on encrypted data. However, HE is computationally expensive and often memory-bound on conventional computer architectures. Processing-in-Memory (PIM) is an alternative hardware architectu...

AI score 5.6
Exploits: 0
CNNVD
added 2026/02/12 12:0 a.m. | 3 views

newbee-mall encryption issue vulnerability

newbee-mall is an open-source e-commerce system developed by newbee. newbee-mall has encryption-related vulnerabilities; these vulnerabilities stem from the use of the unsalted MD5 hash algorithm for storing and verifying user passwords. This allows attackers to quickly recover plaintext...

CVSS 9.3 | AI score 5.8 | EPSS 0.00024
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/12 12:0 a.m. | 4 views

PT-2026-7894

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.8.6; authentik versions prior to 2025.10.4; authentik versions prior to 2025.12.4. Description: authentik is an open-source identity provider. When using a SAML Source with the 'Verify Assertion Signature' option...

CVSS 8.8 | AI score 5.4 | EPSS 0.00012
Exploits: 0 | References: 13
Packet Storm News
added 2026/02/12 12:0 a.m. | 2 views

Secrecy and Verifiability: An Introduction to Electronic Voting

Democracies are built upon secure and reliable voting systems. Electronic voting systems seek to replace ballot papers and boxes with computer hardware and software. Proposed electronic election schemes have been subjected to scrutiny, with researchers spotting inherent faults and weaknesses...

AI score 5.7
Exploits: 0
Vulnrichment
added 2026/02/11 9:7 p.m. | 3 views

CVE-2026-26014 Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a...

CVSS 5.9 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 4
CVE
added 2026/02/11 9:7 p.m. | 11 views

CVE-2026-26014

Pion DTLS (Go) vulnerability CVE-2026-26014 affects versions v1.0.0–v3.1.0 due to improper nonce generation with AES-GCM ciphers, enabling nonce reuse in a session. This can let remote attackers obtain the authentication key and spoof data. Remedy: upgrade to v3.1.0 or later. The provided documen...

CVSS 5.9 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 6 | Affected Software: 1
IBM Security Bulletins
added 2026/02/11 4:23 p.m. | 7 views

Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities

Summary: IBM Security QRadar EDR Software is affected by multiple vulnerabilities that could allow an attacker to perform cross-site scripting (XSS) attacks or exploit weak cryptographic algorithms to decrypt sensitive information. These vulnerabilities have been addressed in version 3.12.24...

CVSS 8.8 | AI score 4.7 | EPSS 0.00096
Exploits: 0 | Affected Software: 1
Snyk
added 2026/02/11 3:13 p.m. | 5 views

Inadequate Encryption Strength

Overview: github.com/pion/dtls is a DTLS 1.2 Server/Client implementation for Go. Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by...

CVSS 8.2 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 2
Snyk
added 2026/02/11 3:13 p.m. | 3 views

Inadequate Encryption Strength

Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session. Remediation: There is no fixed...

CVSS 8.2 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 2
OSV
added 2026/02/11 3:13 p.m. | 2 views

GHSA-9F3F-WV7R-QC8R Pion DTLS's usage of random nonce generation with AES GCM ciphers risks leaking the authentication key

Impact: Pion DTLS versions v1.0.0 through v3.0.10 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Patches: Upgrade to v3.1.1 or late...

CVSS 5.9 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 8
Snyk
added 2026/02/11 3:13 p.m. | 3 views

Inadequate Encryption Strength

Overview: Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session. Remediation: Upgrade...

CVSS 8.2 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 2
Github Security Blog
added 2026/02/11 3:13 p.m. | 6 views

Pion DTLS's usage of random nonce generation with AES GCM ciphers risks leaking the authentication key

Impact: Pion DTLS versions v1.0.0 through v3.0.10 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Patches: Upgrade to v3.1.1 or late...

CVSS 5.9 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 8 | Affected Software: 3
RedhatCVE
added 2026/02/11 1:16 p.m. | 2 views

CVE-2024-52334

A vulnerability has been identified in syngo.plaza VB30E All versions VB30EHF07. The affected application does not encrypt the passwords properly. This could allow an attacker to recover the original passwords and might gain unauthorized access...

CVSS 6.3 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 1
VulnCheck KEV
added 2026/02/11 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2026-1357

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

CVSS 9.8 | AI score 7.6 | EPSS 0.16794
In wild | Exploits: 13 | References: 2