580 matches found

Snyk
added 6 days ago, 3 views

Inefficient CPU Computation

Overview: Nerdbank.MessagePack is a modern, fast and NativeAOT-compatible MessagePack serialization library. Affected versions of this package are vulnerable to Inefficient CPU Computation in the WithExpandoObjectConverter. An attacker can cause excessive CPU consumption by deserializing special...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2
ATTACKERKB
added 6 days ago, 5 views

CVE-2026-49322

Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 0, References: 2, Affected Software: 1
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in mbedtls

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...

4.7 CVSS, 6.2 AI score, 0.00109 EPSS
Exploits: 0, References: 1
Packet Storm News
added 2026/05/13 12:0 a.m., 5 views

On the (Non-)Resilience of Encrypted Controllers to Covert Attacks

The security of networked control systems (NCS) is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailore...

5.8 AI score
Exploits: 0
Cvelist
added 2026/05/08 3:42 p.m., 26 views

CVE-2026-43967 Quadratic fragment-name uniqueness check causes denial of service in absinthe

Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one calls...

8.7 CVSS, 0.00082 EPSS
Exploits: 1, References: 4
NVD
added 2026/05/06 12:16 p.m., 1 view

CVE-2026-43186

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in ioam6filltracedata On the receive path, ioam6filltracedata uses trace-nodelen to decide how much data to write for each node. It trusts this field as-is from the incoming packet, with no...

9.8 CVSS, 0.00181 EPSS
Exploits: 0, References: 7
Github Security Blog
added 2026/05/05 10:21 p.m., 3 views

vLLM Vulnerable to Remote DoS via Special-Token Placeholders

Summary: This report explains a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequences supplied without matching data cause vLLM to index into empty grids during...

7.5 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2026/05/05 12:0 a.m., 7 views

PT-2026-37318

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.6.1 through 0.19.x. Description: A Token Injection issue exists in the multimodal processing of vLLM. Unauthenticated, text-only prompts containing special tokens are interpreted as control commands. When image and video...

6.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 1, References: 6
AstraLinux
added 2026/05/03 11:59 p.m., 0 views

Astra Linux - vulnerability in firefox

Bypass of the same-origin policy in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

6.5 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits: 0, References: 2
Redos
added 2026/04/30 12:0 a.m., 2 views

ROS-20260430-73-0010

Vulnerability in golang related to incorrect computation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

9.8 CVSS, 5.2 AI score, 0.00022 EPSS
Exploits: 0
OSV
added 2026/04/27 6:33 p.m., 3 views

JLSEC-2026-248 Issue summary: A timing side-channel which could potentially allow recovering the private key...

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

4.1 CVSS, 6 AI score, 0.00075 EPSS
Exploits: 0, References: 18
CVE
added 2026/04/24 2:35 p.m., 9 views

CVE-2026-31570

CVE-2026-31570 relates to the Linux kernel CAN gateway module. The vulnerability is an OOB heap access in cgw_csum_crc8_rel(), caused by looping and writing using raw s8 indices (from_idx/to_idx/result_idx) instead of the precomputed bounds-safe values (from/to/res). calc_idx() yields bounds-safe...

8.8 CVSS, 5.5 AI score, 0.00028 EPSS
Exploits: 0, References: 8, Affected Software: 1
RedHat Linux
added 2026/04/20 1:28 a.m., 2 views

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8 CVSS, 7.2 AI score, 0.00039 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2026/04/15 2:7 p.m., 3 views

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2026/04/15 10:54 a.m., 1 view

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8 CVSS, 7.2 AI score, 0.00039 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2026/04/15 10:46 a.m., 3 views

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8 CVSS, 7.2 AI score, 0.00039 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2026/04/15 10:42 a.m., 3 views

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8 CVSS, 7.2 AI score, 0.00039 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2026/04/15 10:42 a.m., 1 view

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8 CVSS, 7.2 AI score, 0.00039 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2026/04/15 10:31 a.m., 3 views

firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...

9.8 CVSS, 7.2 AI score, 0.00039 EPSS
Exploits: 0, References: 6
OSV
added 2026/04/14 1:0 p.m., 4 views

CLSA-2026-1776171616 ImageMagick: Fix of CVE-2025-57803

CVE-2025-57803: fix integer overflow in BMP reader stride computation...

8.8 CVSS, 5.8 AI score, 0.00136 EPSS
Exploits: 1, References: 1