
5455 matches found

OSV
added 2026/02/25 11:16 a.m., 5 views

DEBIAN-CVE-2026-26104

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

5.5 CVSS, 5.2 AI score, 0.00075 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/25 12:0 a.m., 6 views

udisks Security Vulnerability

udisks is a daemon developed by stored-project, open-source software used for querying and managing storage devices. udisks has a security vulnerability that stems from privileged D-Bus methods lacking policy checks. This vulnerability could allow non-privileged users to back up LUKS encrypted...

5.5 CVSS, 5.8 AI score, 0.00075 EPSS
Exploits 0, References 3

CNNVD
added 2026/02/25 12:0 a.m., 8 views

udisks Security Vulnerability

udisks is a daemon developed by stored-project, open-source software used for querying and managing storage devices. udisks has a security vulnerability that stems from the lack of authorization checks in the privileged D-Bus API. This vulnerability could allow non-privileged local users to...

7.1 CVSS, 5.8 AI score, 0.00074 EPSS
Exploits 0, References 3

OSV
added 2026/02/24 11:10 p.m., 3 views

GO-2026-4509 Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls

Fingerprint vulnerability in uTLS from GREASE ECH mismatch for Chrome parrots in github.com/refraction-networking/utls...

5.3 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits 0, References 3

GithubExploit
added 2026/02/24 4:13 p.m., 158 views

Exploit for CVE-2025-30401

👻 GhostPort: WhatsApp Web Stager PoC 📌 Project Overview GhostP...

6.7 CVSS, 6 AI score, 0.16804 EPSS
Exploits 1

GithubExploit
added 2026/02/23 4:26 a.m., 181 views

tempest-c2

⚡ Tempest C2 Framework Advanced Post-Exploitation & Comma...

5.8 AI score
Exploits 0

Packet Storm News
added 2026/02/23 12:0 a.m., 8 views

RobPI: Robust Private Inference against Malicious Client

The increased deployment of machine learning inference in various applications has sparked privacy concerns. In response, private inference (PI) protocols have been created to allow parties to perform inference without revealing their sensitive data. Despite recent advances in the efficiency of PI,...

5.9 AI score
Exploits 0

CNNVD
added 2026/02/21 12:0 a.m., 8 views

GetSimple CMS Information Disclosure Vulnerability

GetSimple CMS is an open-source content management system developed by GetSimple CMS. GetSimple CMS has a vulnerability related to information leakage. This vulnerability stems from the reliance on .htaccess files to restrict access to sensitive directories. When Apache AllowOverride is disabled,...

8.7 CVSS, 5.8 AI score, 0.00412 EPSS
Exploits 1, References 1

RedhatCVE
added 2026/02/20 11:17 a.m., 12 views

CVE-2026-27017

A flaw was found in uTLS. When using GREASE Encrypted ClientHello (ECH), uTLS versions 1.6.0 through 1.8.0 may exhibit a fingerprint mismatch with Chrome. This occurs due to an inconsistent selection of cipher suites between the outer ClientHello and the ECH, potentially allowing a remote observer ...

5.3 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/02/20 7:22 a.m., 6 views

CVE-2026-2703

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decodebase64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access...

5.5 CVSS, 5.1 AI score, 0.00209 EPSS
Exploits 1, References 1

OSV
added 2026/02/20 3:16 a.m., 4 views

UBUNTU-CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

5.3 CVSS, 5.8 AI score, 0.00154 EPSS
Exploits 0, References 3

CVE
added 2026/02/20 2:47 a.m., 21 views

CVE-2026-27017

CVE-2026-27017 affects the uTLS fork of crypto/tls (versions 1.6.0–1.8.0) with GREASE ECH, causing a fingerprint mismatch with Chrome due to inconsistent cipher-suite selection between the outer ClientHello and ECH. Specifically, uTLS hardcodes AES for the outer cipher suite while randomly sele...

5.3 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits 0, References 1, Affected Software 1

Debian CVE
added 2026/02/20 2:47 a.m., 4 views

CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

5.3 CVSS, 5.3 AI score, 0.00154 EPSS
Exploits 0

Vulnrichment
added 2026/02/20 2:47 a.m., 4 views

CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

2.3 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits 0, References 1

CVE
added 2026/02/19 8:0 p.m., 10 views

CVE-2026-2738

CVE-2026-2738 affects OpenVPN ovpn-dco-win 2.8.0. A buffer overflow in the handling of encrypted packets can be triggered by sending oversized packets to the remote peer when the AEAD tag appears at the end of the packet, enabling a local attacker to crash the system. The CVSS 4.0 vector indicate...

6.8 CVSS, 5.6 AI score, 0.00115 EPSS
Exploits 0, References 1

Wired Threat Level
added 2026/02/19 10:0 a.m., 5 views

How to Organize Safely in the Age of Surveillance

From threat modeling to encrypted collaboration apps, we’ve collected experts’ tips and tools for safely and effectively building a group—even while being targeted and tracked by the powerful...

5.5 AI score
Exploits 0

NVD
added 2026/02/19 7:17 a.m., 6 views

CVE-2026-2703

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decodebase64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access...

5.5 CVSS, 0.00209 EPSS
Exploits 1, References 7

OSV
added 2026/02/19 7:17 a.m., 2 views

CVE-2026-2703

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decodebase64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access...

5.5 CVSS, 5.1 AI score
Exploits 0, References 7

Snyk
added 2026/02/19 5:1 a.m., 3 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error via the decodebase64 function in the Encrypted XLSX File Parser component. An attacker can cause a denial of service by executing a manipulation that triggers an off-by-one error. Remediation: A fix was pushed into the...

5.5 CVSS, 5.6 AI score, 0.00209 EPSS
Exploits 1, References 2

CVE
added 2026/02/19 4:2 a.m., 11 views

CVE-2026-2703

CVE-2026-2703 affects the xlnt-community xlnt project up to version 1.6.1. The vulnerability resides in the function xlnt::detail::decode_base64 (source/detail/cryptography/base64.cpp) of the Encrypted XLSX File Parser and is caused by an off-by-one flaw introduced by manipulation. The issue requ...

5.5 CVSS, 4.5 AI score, 0.00209 EPSS
Exploits 1, References 7, Affected Software 1