[SECURITY] Fedora 42 Update: perl-Cpanel-JSON-XS-4.40-1.fc42

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

[SECURITY] Fedora 43 Update: perl-JSON-XS-4.04-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

Timing Attack Vulnerability in SCRAM Authentication

Impact A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how...

Unchecked Input for Loop Condition

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the XML-RPC due to unchecked input in the loop condition. An attacker can exhaust system resources by sending specially...

Exploit for CVE-2024-28397

CVE-2024-28397 js2py Sandbox Escape Exploit A collection of e...

Denial of Service (DoS)

Overview com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation Affected versions of this package are vulnerable to Denial of Service DoS in the GraphQL process. An attacker can exhaust system resources by executing queries that return a large number of objects...

CVE-2025-59058 httpsig-rs's HMAC verification is vulnerable to timing attack

httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...

[SECURITY] Fedora 41 Update: rust-busd-0.3.1-4.fc41

A D-Bus bus broker implementation...

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

Timing Attack

Overview com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation Affected versions of this package are vulnerable to Timing Attack via the WorkflowException error messages. An attacker can infer the existence of ERC by measuring differences in response times...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 440454442 Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22 439305148 High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18...

Google Android Protocol Implementation Incorrect Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an incorrect protocol implementation vulnerability that ca...

CVE-2025-55238

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability...

CVE-2025-26452

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Chromium: CVE-2025-9867 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2025-9866 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Behind the Mask: Benchmarking Camouflaged Jailbreaks in Large Language Models

Large Language Models LLMs are increasingly vulnerable to a sophisticated form of adversarial prompting known as camouflaged jailbreaking. This method embeds malicious intent within seemingly benign language to evade existing safety mechanisms. Unlike overt attacks, these subtle prompts exploit...

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

...