Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of LangChain-Chatchat 0.3.1.3 and earlier had an encryption vulnerability. This vulnerability stems from a function in the Uploaded File Handler component, specifically th...

HELO Cryptography: A Lightweight Cryptographic System for Enhancing IoT Security in P2P Data Transmission

The recent surge in security concerns for IoT devices highlights the increasing threat of cryptographic vulnerabilities. These weaknesses can lead to unauthorized access, data breaches, and manipulation of device functions, compromising the privacy and security of both the devices and their users...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend CVE-2025-40252 kernel: crypto: asymmetricke...

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from an issue in the Vision Chat Paste Image Handler...

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Linux Privileg...

JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

A flaw was found in JWCrypto, a Python library for JSON Web Key JWK, JSON Web Signature JWS, and JSON Web Encryption JWE specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

A flaw was found in JWCrypto, a Python library for JSON Web Key JWK, JSON Web Signature JWS, and JSON Web Encryption JWE specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

Exploit for Missing Authentication for Critical Function in Cpanel

Sorry Ransomware Analysis CVE-2026-41940 cPanel Campaign Pu...

EUVD-2026-26862

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

CVE-2026-7161 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

CVE-2026-7161

GeoVision GV-IP Device Utility 9.0.5 is affected by an insufficient encryption vulnerability in Device Authentication. The protocol encrypts username/password for privileged commands using a derivation of Blowfish, but the symmetric key is included in the same UDP broadcast packet, making credent...

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

CVE-2026-7161 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Copy Fail Linux Kernel LPE Educational rew...

PT-2026-36739

Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leak of credentials. When the utility sends privileged commands to devices over UDP, the username and...

RHCOS 2 : node.js (RHSA-2015:1546)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1546 advisory. - SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack CVE-2014-3566 Note that Nessus has not tested for this issue but has instead...

Astra Linux - уязвимость в opensc

A vulnerability was discovered in OpenSC, where the removal of PKCS1 encryption padding is not implemented in a way that ensures side-channel resistance. This issue may lead to the potential leakage of private data...

Astra Linux - уязвимость в ceph

A key length flaw was discovered in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed during the encryption algorithm process, resulting in the creation of a non-random key. Such a key is weaker and can be exploited to compromise the confidentiality...