PT-2025-15909 · Crates.Io · Tokio
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-4.fc40
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
CVE-2025-31130 gitoxide does not detect SHA-1 collision attacks
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-3068 Inappropriate implementation in Intents
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
BIT-JOOMLA-2021-23128 [20210302] - Core - Potential Insecure FOFEncryptRandval
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF FOFEncryptRandval used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes' and its backport that is shipped within random_compat...
CVE-2025-29991
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification...
GO-2025-3588 Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times in github.com/phires/go-guerrilla...
CVE-2025-21902 acpi: typec: ucsi: Introduce a ->poll_cci method
In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method. For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents...
KLA82270 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Custom Tabs can b...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 135 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 135.0.7049.52 Linux 135.0.7049.41/42 Windows and Mac contains a number of fixes and improvements -- a list of changes is...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in Downloads. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in Custom Tabs. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome that stems from an improper implementation in Custom Tabs...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an incorrect implementation vulnerability; no details of the vulnerability are provided at this time...
GHSA-67R5-RQWV-9P9Q array-init-cursor is unsound when used with types that implement `Drop`
The Drop implementation will get run twice when using the cursor. This issue does not affect you if you are only using the crate with types that are Copy, such as u8. This issue also does not affect you if you are only depending on it through the crate planus...
array-init-cursor is unsound when used with types that implement `Drop`
The Drop implementation will get run twice when using the cursor. This issue does not affect you if you are only using the crate with types that are Copy, such as u8. This issue also does not affect you if you are only depending on it through the crate planus...
X2CRM 8.5 Cross Site Scripting
X2CRM version 8.5 suffers from a persistent cross site scripting vulnerability. Exploit Title: X2CRM v8.5 – Stored Cross-Site Scripting XSS Authenticated Date: 12 September 2024 Exploit Author: Okan Kurtulus Vendor Homepage: https://x2engine.com/ Software Link: https://github.com/X2Engine/X2CRM...
[SECURITY] Fedora 40 Update: libxml2-2.12.10-1.fc40
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...