PYSEC-0000-CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

CVE-2026-46166

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

[SECURITY] Fedora 44 Update: uv-0.11.15-1.fc44

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.2-1.fc43

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

EUVD-2026-32581

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

CVE-2026-45855

CVE-2026-45855 — Linux kernel (ata: libata-scsi) forward progress fix for Non-NCQ starvation Impact: The issue occurred when a host adapter with multiple submission queues faced constant NCQ traffic, potentially starving non-NCQ commands due to requeueing behavior in ata_scsi_qc_issue(). Root cau...

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

free5GC 安全特征问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security feature vulnerabilities. These vulnerabilities stemmed from AMF not implementing the concurrent security procedures defined in 3GPP TS 33.501, which could lead to...

PT-2026-44697

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An inappropriate implementation in the Media component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script...

PT-2026-44622

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An inappropriate implementation in ANGLE Almost Native Graphics Layer Engine, an abstraction layer that allows OpenGL ES calls to be translated to other graphics APIs allows a remote...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on iOS prior to 148.0.7778.216, there was a security vulnerability. This vulnerability stemmed from improper implementation in iOS, which could allow remote attackers to leak cross-source data through specially...

CVE-2026-45865

mctp i2c: initialise event handler read bytes...

CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

AI-Driven Adaptive Adversaries and the Erosion of Cryptographic Trust in Public Key Systems

This paper examines the erosion of Public Key Cryptography PKC security under adaptive adversarial optimisation driven by artificial intelligence. The problem addressed is the growing mismatch between algorithm-centric cryptographic security models and operational attack realities, where...

[SECURITY] [DSA 6294-1] libgcrypt20 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6294-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...

Chromium: CVE-2026-9110 Inappropriate implementation in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in cbor2 [CVE-2026-26209]

Summary IBM Watson Speech Services Cartridge is vulnerable to adenial of service in cbor2, caused by uncontrolled recursion when decoding deeply nested CBOR structures CVE-2026-26209. Cbor2 is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page...