CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

CVE-2026-32314 Yamux remote Panic via malformed Data frame with SYN set and len = 262145

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...

CVE-2026-32314 Yamux remote Panic via malformed Data frame with SYN set and len = 262145

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...

CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...

Yamux vulnerable to remote Panic via malformed WindowUpdate credit

Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...

CVE-2026-3910

An inappropriate implementation flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491410818...

KLA90940 DoS vulnerability in Google Chrome

Inappropriate implementation vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories Stable Channel Update for Desktop Exploitation Public exploits exist for this vulnerability. Related produc...

chromium -- security fixes

Chrome Releases reports: This update includes 2 security fixes: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google on 2026-03-10 491410818 High CVE-2026-3910: Inappropriate implementation in V8. Reported by Google on 2026-03-10...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Updated 2026-03-13: The previous version of these notes...

CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

CLEANSTART-2026-AB04032 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...

Quinn 安全漏洞

Quinn is a pure Rust implementation of the IETF QUIC transport protocol, developed by quinn-rs. Versions of Quinn prior to 0.11.14 contained a security vulnerability. This vulnerability stemmed from decoding varints during the parsing of specially crafted QUIC initial packets, which could lead to...

Google Chrome WebAudio Memory Out-of-Bounds Access Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome WebAudio suffers from a memory out-of-bounds access vulnerability that stems from an improper implementation and can be exploited by remote attackers to execute arbitrary code...

Fedora 44 : cef (2026-376794abc1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-376794abc1 advisory. Update to cef-145.0.25 + chromium 145.0.7632.75 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 CVE-2026-2313: Use...

CVE-2026-3541

An inappropriate implementation flaw was found in the CSS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484811719...

Securing Cryptography in the Age of Quantum Computing and AI: Threats, Implementations, and Strategic Response

This review examines how quantum computing and artificial intelligence challenge current cryptographic systems. We analyze the literature to assess the resilience of algorithms against quantum attacks Shor's and Grover's algorithms and AI-enhanced cryptanalysis. RSA and elliptic curve cryptograph...

EUVD-2025-208311

org.eclipse.jetty:jetty-http has different parsing of invalid URIs...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

DEBIAN-CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...