6 matches found
symfony/ux-live-component LiveComponentHydrator HMAC checksum lacks component and slot binding
Description: In symfony/ux-live-component, a component's server-side state is exposed to the browser as a set of props (LiveProp-annotated properties). Props marked writable: true can be freely changed by the client. Read-only props are round-tripped to the browser and back, and their integrity is...
CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
Astro: Server island encrypted parameters vulnerable to cross-component replay
Impact: Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...
EUVD-2022-55492
Malicious code in bioql PyPI...
CVE-2024-39491 ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance. The cs_dsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to cs_dsp_remove in the error path of cs35l56_hda_common_prob...
MAL-2022-1814 Malicious code in calling-component-bindings (npm)
Source: ghsa-malware (d34742e24d97901f4bbbaee9d2c3f3166f3b4f29cd95880e1a0594078f45301a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...