CVE-2026-45159 Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

CVE-2026-45159

Nextcloud vulnerability CVE-2026-45159 affects end-to-end encrypted file drop links. A malicious user with access to a drop link could drop files into other end-to-end encrypted folders owned by the share owner, but could not read or modify unrelated files. Mitigation is upgrading to patched rele...

End-to-End Encryption App Security Vulnerabilities

End-to-End Encryption App is an open-source end-to-end encryption client implementation by Nextcloud. Vulnerabilities exist in versions of End-to-End Encryption App between 1.15.0 and 1.15.4, 1.16.0 and 1.16.3, 1.17.0 and 1.17.1, and 1.18.0 and 1.18.1. These vulnerabilities stem from improper...

PT-2026-45474

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

Formal Verification of Secure Encrypted Virtualization

Trusted execution environments TEEs provide a secure environment for data and code in use, ensuring that they are protected with respect to confidentiality and integrity. Virtual machine VM-based TEEs utilize virtualization technology to create isolated execution spaces that can support a complet...

Signal users targeted in backup-stealing phishing attacks

A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. The attack is initiated by a text message pretending to come from Signal Support. “Action Required: Data Recovery Needed Your Signal account data message and...

[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

A Protocol-Language Model for Network Intrusion (Without Deep Packet Inspection)

Modern network intrusion detection systems NIDS are caught in a structural contradiction: the protocols carrying the highest threat intelligence are precisely those encrypted under TLS 1.3 and QUIC, where payload inspection yields nothing. We ask a simpler question -- what if the attack signature...

GETA: Generalized Encrypted Traffic Analysis

Traditional traffic analysis is being fundamentally challenged by the rapid adoption of encryption, tunnelling, and privacy-preserving protocols, which increasingly obscure packet payloads and limit the usefulness of Deep Packet Inspection DPI. Although machine learning has advanced encrypted...

Keycloak 数据伪造问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a data falsification vulnerability. This vulnerability arises when submitting JSON Web encrypted request objects, and if the decrypted content is the original JSON, Keycloak may improperl...

UBUNTU-CVE-2026-46066

In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...

CVE-2026-46066

In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...

CVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation fails

In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...

CVE-2026-46066

In the Linux kernel, CVE-2026-46066 fixes an off-by-one in the Ceph writeback path when a crypto bounce buffer allocation fails. If move_dirty_folio_in_page_array() fails for an encrypted file and the failed folio is not contiguous with the last in the batch, ceph_process_folio_batch() increments...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the numops counter when encrypted allocation fails in Ceph, potentially leading to...

PT-2026-43933

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.18.16 Linux kernel version 6.19.6 Linux kernel version 7.0-rc1 Description An off-by-one error exists in the Ceph component of the Linux kernel. The issue occurs when move dirty folio in page array fails to allocate a...

MAL-2026-4781 Malicious code in unique-id-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...