9084 matches found

CNNVD
added 2025/10/31 12:0 a.m. | 2 views

Microsoft Edge Security Vulnerability

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge that stems from an improper implementation of encryption...

CVSS 5.5 | AI score 6.2 | EPSS 0.00003
Exploits 1 | References 3

Fedora
added 2025/10/30 4:20 a.m. | 6 views

[SECURITY] Fedora 41 Update: unbound-1.24.1-1.fc41

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign Labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

CVSS 7.1 | AI score 7 | EPSS 0.00056
Exploits 0

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-12433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML...

CVSS 4.3 | AI score 5.5 | EPSS 0.0002
Exploits 0 | References 2

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-12431

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to...

CVSS 6.5 | AI score 5.5 | EPSS 0.00022
Exploits 0 | References 2

Snyk
added 2025/10/23 3:30 p.m. | 1 view

Missing Authorization

Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Missing Authorization due to improper access control to OpenAPI. An attacker can retrieve sensitive OpenAPI YAML files by sending a specially crafted...

CVSS 6.9 | AI score 6.6 | EPSS 0.00016
Exploits 0 | References 2

vulnersOsv
added 2025/10/22 10:43 p.m. | 3 views

org.sakaiproject.kernel:sakai-kernel-component (>=1.3.0 <=10.7) potentially affected by CVE-2025-62710 via org.sakaiproject.kernel:sakai-kernel-impl (>=10.3 <=1.3.3)

org.sakaiproject.kernel:sakai-kernel-impl MAVEN version =10.3, =1.3.0, =10.7 Source cves: CVE-2025-62710 Source advisory: SNYK:JAVA-ORGSAKAIPROJECTKERNEL-13669871...

CVSS 5.9 | AI score 5.8 | EPSS 0.00026
Exploits 0

OSV
added 2025/10/22 10:19 p.m. | 2 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

CVSS 5.9 | AI score 6.7 | EPSS 0.00026
Exploits 0 | References 4

vulnersOsv
added 2025/10/22 7:41 p.m. | 3 views

org.sakaiproject.kernel:sakai-kernel-component (>=1.3.0 <=10.7) potentially affected by CVE-2025-62710 via org.sakaiproject.kernel:sakai-kernel-impl (>=10.3 <=1.3.3)

org.sakaiproject.kernel:sakai-kernel-impl MAVEN version =10.3, =1.3.0, =10.7 Source cves: CVE-2025-62710 Source advisory: OSV:GHSA-GR7H-XW4F-WH86...

CVSS 5.9 | AI score 5.8 | EPSS 0.00026
Exploits 0

EUVD
added 2025/10/22 6:30 p.m. | 4 views

EUVD-2022-55052

In the Linux kernel, the following vulnerability has been resolved: "spi: fsi: Implement a timeout for polling status". The data transfer routines must poll the status register to determine when more data can be shifted in or out. If the hardware gets into a bad state, these polling loops may never...

CVSS 5.5 | AI score 5 | EPSS 0.00105
Exploits 0 | References 4

vulnersOsv
added 2025/10/21 9:33 p.m. | 5 views

com.liferay.content-targeting:com.liferay.content.targeting.analytics.api (>=2.0.1 <=3.0.0), com.liferay.content-targeting:com.liferay.content.targeting.anonymous.users.api (>=2.0.1 <=2.0.2) +316 more potentially affected by CVE-2025-62249 via com.liferay.portal:com.liferay.portal.impl (>=114.1.0 <=62.0.1)

com.liferay.portal:com.liferay.portal.impl MAVEN version =114.1.0, =2.0.1, =2.0.1, =3.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.20, =1.0.0, =1.0.0, =2.0.13 and more Source cves: CVE-2025-62249 Source a...

CVSS 6.9 | AI score 5.8 | EPSS 0.00025
Exploits 0

Snyk
added 2025/10/21 6:4 p.m. | 3 views

Use of a Cryptographic Primitive with a Risky Implementation

Overview: Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the handling of precompiles in the BalanceHandler that can cause prevEventsLen to be overwritten. An attacker can compromise the integrity or confidentiality of the system ...

CVSS 9.3 | AI score 6.7
Exploits 0 | References 3

Hive Pro Threat Advisories
added 2025/10/15 8:39 p.m. | 6 views

6 Essential AI Cybersecurity Tools for Your Stack

Is your security team spending more time chasing low-level alerts than hunting for genuine threats? It’s a common problem that leads to burnout and allows critical risks to slip through the cracks. The most significant advantage of AI cybersecurity tools is their ability to restore focus. By...

AI score 6.1
Exploits 0

Fedora
added 2025/10/15 1:1 a.m. | 6 views

[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42

The mirrorlist-server uses the data created by MirrorManager2 (https://github.com/fedora-infra/mirrormanager2) to answer client requests for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

CVSS 5.9 | AI score 6.9 | EPSS 0.00175
Exploits 0

Fedora
added 2025/10/14 10:22 p.m. | 5 views

[SECURITY] Fedora 43 Update: rust-protobuf-support-3.7.2-1.fc43

Code supporting protobuf implementation. None of the code in this crate is public API...

CVSS 5.9 | AI score 7.3 | EPSS 0.00175
Exploits 0

EUVD
added 2025/10/14 6:30 p.m. | 3 views

EUVD-2025-34319

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally...

CVSS 7.8 | AI score 8.8 | EPSS 0.0004
Exploits 0 | References 2

OSV
added 2025/10/14 3:35 p.m. | 4 views

JLSEC-2025-52 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che...

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

CVSS 9.8 | AI score 6.9 | EPSS 0.11027
Exploits 0 | References 20

Microsoft CVE
added 2025/10/14 2:0 p.m. | 2 views

Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

CVE-2025-2884 concerns the CryptHmacSign helper function in the TCG TPM2.0 Reference implementation, which is vulnerable to an Out-of-Bounds read due to the lack of validation of the signature scheme with the signature key's algorithm. CERT/CC created this CVE on their behalf. The documente...

CVSS 6.6 | AI score 8.8 | EPSS 0.00078
Exploits 0

OSV
added 2025/10/11 1:20 p.m. | 3 views

OESA-2025-2396 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms. It is described as part of RFC 5802 and RFC 7677. This package is a Java implementation. Security Fixes: SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple...

CVSS 8.7 | AI score 7 | EPSS 0.00099
Exploits 0 | References 2

OSV
added 2025/10/11 1:20 p.m. | 2 views

OESA-2025-2395 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms. It is described as part of RFC 5802 and RFC 7677. This package is a Java implementation. Security Fixes: SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple...

CVSS 8.7 | AI score 7 | EPSS 0.00099
Exploits 0 | References 2

OSV
added 2025/10/11 1:20 p.m. | 2 views

OESA-2025-2393 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms. It is described as part of RFC 5802 and RFC 7677. This package is a Java implementation. Security Fixes: SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple...

CVSS 8.7 | AI score 7 | EPSS 0.00099
Exploits 0 | References 2