KLA90980 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code, cause denial of service, read local...

SUSE CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

ChargePoint Home Flex 安全漏洞

The ChargePoint Home Flex is a series of electric vehicle charging devices developed by the US company ChargePoint. The ChargePoint Home Flex has a security vulnerability, which stems from the use of secret encrypted seed values in the source code, potentially leading to information leakage...

SUSE CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...

EUVD-2026-20705

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

How A Simple Misconfiguration Can Fuel Offline Attacker Tools

How A Simple Misconfiguration Can Fuel Offline Attacker Tools By Grant McDonald · April 9, 2026 It’s no secret that misconfigurations are a gateway for attackers. But that doesn’t mean misconfigurations won’t happen or that attackers won’t attempt to exploit them. In the latest research from our...

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

DEBIAN-CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVE-2026-5889

CVE-2026-5889 involves a cryptographic flaw in PDFium used by Google Chrome prior to version 147.0.7727.55 that could allow an attacker to read potentially sensitive data from encrypted PDFs via brute-force. The issue is addressed in the Chrome 147 stable update (147.0.7727.55) for Windows, macOS...

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006814)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006814 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm-lock to fix UAF in svmregisterencregion Do the cache flush of...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006690 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: improve error handling from ext4dirhash The ext4dirhash will almost never fail, especially...

CVE-2025-14858 Semtech LR11xx Encrypted Firmware Disclosure

The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware packag...