CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2025-11143

Summary of CVE-2025-11143 : The Jetty HTTP URI parser has differences in handling invalid/unusual URIs, causing potential security by‑pass or leakage of implementation details when multiple components parse URIs differently. Public sources describe practical implications as differential parsing a...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2026-2836

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header authority...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

PT-2026-23612

Name of the Vulnerable Software and Affected Versions stellar-xdr versions prior to 25.0.1 Description The StringM::from str function does not properly validate the length of input strings. When calling StringM::::from strs with a string s exceeding the maximum allowed length N, the function...

PT-2026-23602

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description Gokapi is a self-hosted file sharing server that supports automatic expiration and encryption. The upload status Server-Sent Events SSE implementation on the /uploadStatus API endpoint publishes globa...

locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection

Details A Remote Code Execution RCE flaw was discovered in the locutus project v2.0.39, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...

CVE-2026-3541

Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2026-3543

Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-3543

Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-3543

Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-3541

Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2026-3542

Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2025-70821

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...

Seeing AI Clearly: Building Visibility Across Modern AI Applications

AI applications span models, agents, and cloud environments in ways traditional security tools weren’t designed to understand. Here’s why visibility breaks — and how a new, implementation-agnostic approach helps teams safely adopt AI...

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

Comparison of Credential Management Systems Based on the Standards of IEEE, ETSI, and YD/T 3957-2021

As V2X Vehicle-to-Everything technology becomes increasingly prevalent, the security of V2X networks has garnered growing attention worldwide. In North America, the IEEE 1609 series standards are primarily used, while Europe adopts the ETSI series standards, and China has also established its...

GHSA-J8CJ-HW74-64JV Hive has Double-free and Use After Free Vulnerabilities

Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free. Additionally, function Hive::fromhandle was not marked as unsafe, making it, in combination with ashandle easy to clone and trigger double-free i...