core-rs-albatross 安全漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross contained a security vulnerability. This vulnerability stemmed from the use of the greater than symbol instead of the greater than or equal symbol in the send...

PT-2026-32505

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num validators...

OESA-2026-1844 OpenEXR security update

OpenEXR is a high dynamic-range HDR image file format originally developed by Industrial Light Magic for use in computer imaging applications. Security Fixes: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture...

EUVD-2026-21622

OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authenticatio...

Chromium: CVE-2026-5918 Inappropriate implementation in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-3690 OpenClaw Canvas Authentication Bypass Vulnerability

OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authenticatio...

CVE-2026-3690

OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authenticatio...

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

CVE-2026-5918

An inappropriate implementation flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490139441...

CVE-2026-5863

An inappropriate implementation flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484527367...

[SECURITY] Fedora 43 Update: fido-device-onboard-0.5.5-8.fc43

A rust implementation of the FIDO Device Onboard Specification...

CLEANSTART-2026-SH14815 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the tkn-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

CLEANSTART-2026-CD13174 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the prometheus package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

Python 安全漏洞

Python is an open-source, object-oriented programming language developed by the Python Foundation. This language features extensibility, support for modules and packages, and compatibility with multiple platforms. However, Python has security vulnerabilities. One of these vulnerabilities stems fr...

CLEANSTART-2026-MO53190 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the istio-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

CLEANSTART-2026-UZ17701 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the terragrunt-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

EUVD-2026-20752

Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5894

CVE-2026-5894 is an issue in Google Chrome/Chromium related to an inappropriate implementation in PDF handling that allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The vulnerability is rated as Chromium/Chrome security severity Low in the CVE entry, with a CVS...

PT-2026-31512

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

KLA90973 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Policy bypa...