CVE-2026-45446

A flaw was found in OpenSSL. The implementations of AES-SIV Advanced Encryption Standard - SIV and AES-GCM-SIV Advanced Encryption Standard - Galois/Counter Mode - SIV incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages...

Malicious code in mistral-workflows-plugins-webhook (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e87825efe9006ca3d435869b276f0d8526a1255ec71ac6e7aa0ea1bb068b6673 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD

A flaw was found in the Linux kernel's authencesn authenticated encryption with associated data implementation. A remote attacker can exploit this vulnerability by providing a specially crafted Associated Additional Data with a length shorter than the expected minimum. This can lead to a NULL...

haiku-rag (>=0.19.2 <=0.33.0), iatoolkit (>=1.40.0 <=1.42.0) +19 more potentially affected by CVE-2026-31247 via docling (>=2.10.0 <=2.73.1)

docling PYPI version =2.10.0, =0.19.2, =1.40.0, =0.1.0, =0.2.1, =0.6.1, =1.0.1, =0.4.0, =1.0.0, =0.1.29, =0.3.1, =0.10.0, =0.11.2 and more Source cves: CVE-2026-31247 Source advisory: SNYK:PYTHON-DOCLING-16757962...

GHSA-H5FH-7HWR-97MW Kimai has an arbitrary file read in its invoice PDF renderer (admin)

Summary Users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles, whose writer calls...

Advisory ROSA-SA-2026-3263

Software: kernel-ml 5.15.180 OS: rosa-server79 unaffected versions = kernel-ml-5.15.180-1.0.1.res7 affected versions kernel-ml-5.15.180-1.0.1.res7 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perfor...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead – Reverted to operating out-of-place. This primarily reverts to commit 72548b093ee3, except for the copying of the associated data. There is no benefit in performing in-place operations in algifaead, as the sour...

OESA-2026-2174 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algifaead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of the associated data.\n\nThere is no...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-016371)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016371 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 exce...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-016370)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016370 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 exce...

VulnCheck KEV: CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

JLSEC-2026-240 Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

SUSE CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

EUVD-2026-24639

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...