192159 matches found
CVE-2026-6358
Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Critical...
Timing Attack
Overview @sync-in/server is a The secure, open-source platform for file storage, sharing, collaboration, and syncing Affected versions of this package are vulnerable to Timing Attack via the login process. An attacker can obtain valid usernames by measuring differences in response times from the...
GHSA-43FJ-QP3H-HRH5 Sync-in Server has Username Enumeration via Timing Attack
Summary The /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. Details The logic flaw can be located at the below point in source:...
Sync-in Server has Username Enumeration via Timing Attack
Summary The /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. Details The logic flaw can be located at the below point in source:...
CVE-2026-32631
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
CVE-2026-32631
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
CVE-2026-20060
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...
CVE-2026-20132
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...
CVE-2026-30617
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
SUSE-SU-2026:1364-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.0. Security issues fixed: - CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption bsc1259950. - CVE-2025-31223: processing maliciously crafted web content may lead to memory corruptio...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...
Timing Attack
Overview org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values ...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...
Timing Attack
Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...
CVE-2026-28741
Mattermost CVE-2026-28741 concerns CSRF token validation bypass on an authentication endpoint, enabling an attacker to update a user’s authentication method via a CSRF attack when a user visits a malicious page. Affected versions are Mattermost 10.11.x ≤ 10.11.12, 11.5.x ≤ 11.5.0, 11.4.x ≤ 11.4.2...
CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...