soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

Impact Incorrect rounding direction for signed mul and div operations The mulDivx, y, z function incorrectly handled cases where both the intermediate product $x y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be...

sqlmap-CTT-v3.0-SQL-Injection-Engine-Full-33-layer-fractal-temporal-resonance-implementation-in-C

sqlmap-CTT-v3.0-SQL-Injection-Engine-Full-33-layer-fractal-tem...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability, which is caused due to improper implementation in the backend fetch AP. An attacker can exploit the vulnerability to disclose cross-origin data...

A heap out-of-bounds read flaw was found in builtin.c in the gawk package

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

EUVD-2026-4661

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

PT-2026-4820

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qe identity,...

CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

CVE-2026-0901

CVE-2026-0901 affects Blink in Google Chrome on Android prior to 144.0.7559.59, enabling UI spoofing via a crafted HTML page. Connected sources indicate Chromium/Chromium-derived builds (e.g., 144.0.7559.59) have fixes, and Debian/Fedora advisories corroborate that versions around 144.0.7559.59 a...

[SECURITY] Fedora 43 Update: rust-lru-0.16.3-1.fc43

A LRU cache implementation...

MiracleLinux 8 : dovecot-2.3.8-2.el8.2 (AXSA:2020-546:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-546:03 advisory. dovecot: Resource exhaustion via deeply nested MIME parts CVE-2020-12100 dovecot: Out of bound reads in dovecot NTLM implementation CVE-2020-12673...

Arbitrary Code Injection

Overview @lobehub/lobehub is a LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

Chromium: CVE-2026-0902 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001159)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001159 advisory. The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a loc...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003406)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003406 advisory. The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a loc...

Linux Distros Unpatched Vulnerability : CVE-2026-0900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML...

BlackSheep 注入漏洞

BlackSheep is an open source web application framework from Neoteroi. BlackSheep version 2.4.6 before the injection vulnerability , the vulnerability stems from the HTTP client-side implementation of the lack of header validation , which could lead to an attacker to modify the HTTP request or...

GO-2026-4275 Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-plugin-jira

Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-plugin-jira. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...