
5397 matches found

Snyk
added 2026/04/14 11:31 p.m., 4 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the EncryptedXml class. An attacker can cause excessive resource consumption by providing specially crafted XML input. Details: XXE Injection is a type of attack against an application that parses XM...

CVSS 8.7, AI score 6.3, EPSS 0.03084
Exploits 0, References 2

Github Security Blog
added 2026/04/14 11:31 p.m., 5 views

Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Xml. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in...

CVSS 7.5, AI score 6.2, EPSS 0.03084
Exploits 0, References 5, Affected Software 1

Snyk
added 2026/04/14 11:30 p.m., 3 views

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop in the EncryptedXml class. An attacker can cause an infinite loop and exhaust system resources by submitting specially crafted XML data. Note: The patch in version 10.0.6 introduced a regression and users are strongly...

CVSS 8.7, AI score 6.4, EPSS 0.08014
Exploits 0, References 2

RedhatCVE
added 2026/04/14 6:47 p.m., 3 views

CVE-2026-32203

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users. Mitigation: Mitigation for this issue is either not available or...

CVSS 7.5, AI score 5.7, EPSS 0.00256
Exploits 0, References 3

RedhatCVE
added 2026/04/14 6:47 p.m., 4 views

CVE-2026-26171

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features. Mitigation: Mitigation for this issue is either not available or th...

CVSS 7.5, AI score 5.7, EPSS 0.03084
Exploits 0, References 3

Vulnrichment
added 2026/04/14 4:57 p.m., 2 views

CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability

...

CVSS 7.8, AI score 6.2, EPSS 0.00057
Exploits 0, References 1

CVE
added 2026/04/14 4:57 p.m., 15 views

CVE-2026-26153

CVE-2026-26153 describes an out-of-bounds read in the Windows Encrypting File System (EFS) that could allow an authorized, locally authenticated attacker to obtain elevated privileges. The vulnerability is associated with EFS in Windows and is listed across multiple sources (NVD, CVE databases, M...

CVSS 7.8, AI score 5.7, EPSS 0.00057
Exploits 0, References 1, Affected Software 11

Cvelist
added 2026/04/14 4:57 p.m., 23 views

CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability

...

CVSS 7.8, EPSS 0.00057
Exploits 0, References 1

Microsoft CVE
added 2026/04/14 2:0 p.m., 1 views

AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability

The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide...

CVSS 5.6, AI score 6.3, EPSS 0.00019
Exploits 0

Microsoft CVE
added 2026/04/14 2:0 p.m., 3 views

Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 6.2, EPSS 0.00057
Exploits 0

GithubExploit
added 2026/04/14 12:39 p.m., 121 views

PoC

Fabricked: Breaking AMD SEV-SNP via Infinity Fabric !CVE-20...

AI score 5.9, EPSS 0.00017
Exploits 1

Kaspersky
added 2026/04/14 12:0 a.m., 10 views

KLA90980 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code, cause denial of service, read local...

CVSS 8, AI score 7.1, EPSS 0.53056
Exploits 3, References 121

SUSE CVE
added 2026/04/11 9:23 a.m., 7 views

SUSE CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if t...

CVSS 7.5, AI score 5.9, EPSS 0.00035
Exploits 0, References 16

CNNVD
added 2026/04/11 12:0 a.m., 4 views

ChargePoint Home Flex Security Vulnerability

The ChargePoint Home Flex is a series of electric vehicle charging devices developed by the US company ChargePoint. The ChargePoint Home Flex has a security vulnerability, which stems from the use of secret encrypted seed values in the source code, potentially leading to information leakage...

CVSS 7.5, AI score 7.1, EPSS 0.00766
Exploits 0, References 1

SUSE CVE
added 2026/04/09 11:29 p.m., 4 views

SUSE CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVSS 4.3, AI score 7.3, EPSS 0.00007
Exploits 0, References 3

UbuntuCve
added 2026/04/09 11:17 p.m., 0 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

CVSS 9.1, AI score 5.8, EPSS 0.00053
Exploits 0, References 2

The Hacker News
added 2026/04/09 12:57 p.m., 7 views

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...

CVSS 8.8, AI score 7.5, EPSS 0.93
Exploits 14

EUVD
added 2026/04/09 12:32 a.m., 5 views

EUVD-2026-20705

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

AI score 5.9, EPSS 0.00007
Exploits 0, References 3

Trellix
added 2026/04/09 12:0 a.m., 1 views

How A Simple Misconfiguration Can Fuel Offline Attacker Tools

How A Simple Misconfiguration Can Fuel Offline Attacker Tools By Grant McDonald · April 9, 2026 It’s no secret that misconfigurations are a gateway for attackers. But that doesn’t mean misconfigurations won’t happen or that attackers won’t attempt to exploit them. In the latest research from our...

AI score 5.8
Exploits 0

OSV
added 2026/04/08 10:16 p.m., 2 views

DEBIAN-CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVSS 4.3, AI score 8.3, EPSS 0.00007
Exploits 0, References 1