CVE-2026-0619

Silicon Labs Matter SDK contains a reachable infinite loop caused by an integer wraparound, enabling a network-accessible denial-of-service. The vulnerability affects the Matter implementation and can force a hard reset to recover. The CVSS metrics indicate a medium base severity with impact on a...

CVE-2026-2323

Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-2320

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-2318

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-2315

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

[SECURITY] Fedora 42 Update: rust-scx_rustland-0.0.3-7.fc42

A BPF component dispatcher that implements the low level sched-ext functionalities and a user-space counterpart scheduler, written in Rust, that implements the actual scheduling policy. This is used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedule...

Google Chrome < 145.0.7632.45 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 145.0.7632.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 202602stable-channel-update-for-desktop10 advisory. - Use after free in Ozone. CVE-2026-2321 - Use after free in CSS...

[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-9.fc43

Sequoia's reimplementation of the GnuPG interface...

[SECURITY] Fedora 43 Update: rust-busd-0.3.1-6.fc43

A D-Bus bus broker implementation...

[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-3.fc43

The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

Spinel: A Post-Quantum Signature Scheme Based on SLn(Fp) Hashing

The advent of quantum computation compels the cryptographic community to design digital signature schemes whose security extends beyond the classical hardness assumptions. In this work, we introduce Spinel, a post-quantum digital signature scheme that combines the proven security of SPHINCS+ CCS...

The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD

Every conversation I have with information security leaders tends to land in the same place. People understand what matters. They know the frameworks, the controls, and the guidance. They can explain why identity security, patching, and access control are critical. And yet incidents keep happenin...

The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD

Every conversation I have with information security leaders tends to land in the same place. People understand what matters. They know the frameworks, the controls, and the guidance. They can explain why identity security, patching, and access control are critical. And yet incidents keep happenin...

ongres-scram: Timing Attack Vulnerability in SCRAM Authentication

A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many...

CVE-2026-23083 fou: Don't allow 0 for FOU_ATTR_IPPROTO.

In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOUATTRIPPROTO. fouudprecv has the same problem mentioned in the previous patch. If FOUATTRIPPROTO is set to 0, skb is not freed by fouudprecv nor "resubmit"-ted in ipprotocoldeliverrcu. Let's forbid 0 for...

Crypto-RV: High-Efficiency FPGA-Based RISC-V Cryptographic Co-Processor for IoT Security

Cryptographic operations are critical for securing IoT, edge computing, and autonomous systems. However, current RISC-V platforms lack efficient hardware support for comprehensive cryptographic algorithm families and post-quantum cryptography. This paper presents Crypto-RV, a RISC-V co-processor...

Fedora: Security Advisory (FEDORA-2026-68ca733984)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : python-filelock (SUSE-SU-2026:0335-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0335-1 advisory. - CVE-2026-22701: Fixed TOCTOU race condition in SoftFileLock implementation of he filelock package bsc1256457 Tenable...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to DoS due to unbounded memory allocation in golang.org/x/crypto SSH implementation (CVE-2025-22869)

Summary Potential vulnerabilities in golang.org/x/crypto module CVE-2025-22869 have been identified that may affect IBM Cloud Pak for Data Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from...

Google Chrome Security Bypass Vulnerability (CNVD-2026-11752)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation in Blink, which can be exploited by attackers to bypass security restrictions...