427 matches found
CVE-2026-32600
XML-Security library (xml-security) is affected in versions prior to 2.3.1 and 1.13.9 where AES-GCM encrypted XML nodes do not validate the authentication tag length. This can allow an attacker to brute-force the authentication tag, recover the GHASH key, decrypt encrypted nodes, and forge cipher...
GHSA-P2M9-WCP5-6QW3 multipart vulnerable to ReDoS in `parse_options_header()`
Summary: The `parse_options_header()` function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial-of-service (DoS) attacks against web...
CVE-2025-70821
renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...
ASB-A-453649815
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CLSA-2026-1772213586 zlib: Fix of CVE-2016-9843
CVE-2016-9843: avoid pre-decrement of pointer in big-endian CRC calculation...
CVE-2026-27017
A flaw was found in uTLS. When using GREASE Encrypted ClientHello (ECH), uTLS versions 1.6.0 through 1.8.0 may exhibit a fingerprint mismatch with Chrome. This occurs due to an inconsistent selection of cipher suites between the outer ClientHello and the ECH, potentially allowing a remote observer ...
CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
RHSA-2026:2952 Red Hat Security Advisory: freerdp security update
Bulletin has no description...
RHSA-2026:2771 Red Hat Security Advisory: edk2 security update
Bulletin has no description...
CVE-2026-20627
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data...
GHSA-X468-PHR8-H3P3 `uniswap-utils` was removed from crates.io for malicious code
It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...
GO-2026-4349 Improper validation of configured threshold for delegations in github.com/theupdateframework/go-tuf
Improper validation of configured threshold for delegations in github.com/theupdateframework/go-tuf...
MINI-RV9C-V782-3MF2
Bulletin has no description...
http-protection security vulnerabilities
http-protection is a network attack protection library developed by Rogério Zambon. Version 0.2.0 of http-protection contains security vulnerabilities; these vulnerabilities stem from IP spoofing, which may allow attackers to bypass the protected middleware and gain unauthorized access...
RHSA-2026:1487 Red Hat Security Advisory: thunderbird security update
Bulletin has no description...
CGA-QF76-V8XH-RHMP
Bulletin has no description...
CGA-9CHP-QW69-74C8
Bulletin has no description...
ECHO-1139-B964-9387
Bulletin has no description...
RHSA-2026:1229 Red Hat Security Advisory: gnupg2 security update
Bulletin has no description...
thunderbird security update
140.7.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.7.0 - Add OpenELA debranding 140.7.0-1 - Update to 140.7.0 ESR...