Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...
CVE-2026-5918
An inappropriate implementation flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490139441...
CVE-2026-5863
An inappropriate implementation flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484527367...
[SECURITY] Fedora 43 Update: fido-device-onboard-0.5.5-8.fc43
A Rust implementation of the FIDO Device Onboard Specification...
CLEANSTART-2026-SH14815 gRPC-Go is the Go language implementation of gRPC
Multiple security vulnerabilities affect the tkn-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...
CLEANSTART-2026-CD13174 gRPC-Go is the Go language implementation of gRPC
Multiple security vulnerabilities affect the prometheus package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...
Python Security Vulnerability
Python is an open-source, object-oriented programming language developed by the Python Foundation. This language features extensibility, support for modules and packages, and compatibility with multiple platforms. However, Python has security vulnerabilities. One of these vulnerabilities stems fr...
CLEANSTART-2026-MO53190 gRPC-Go is the Go language implementation of gRPC
Multiple security vulnerabilities affect the istio-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...
CLEANSTART-2026-UZ17701 gRPC-Go is the Go language implementation of gRPC
Multiple security vulnerabilities affect the terragrunt-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...
EUVD-2026-20752
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5894
CVE-2026-5894 is an issue in Google Chrome/Chromium related to an inappropriate implementation in PDF handling that allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The vulnerability is rated as Chromium/Chrome security severity Low in the CVE entry, with a CVS...
PT-2026-31512
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
KLA90973 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Policy bypa...
CVE-2026-34380 OpenEXR has a signed integer overflow (undefined behavior) in undo_pxr24_impl may allow bounds-check bypass in PXR24 decompression
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undo_pxr24_impl in src/lib/OpenEXRCore/internal_pxr24.c at line 377. The...
CVE-2026-33184
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors lim...
PT-2026-30659
Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.2.0 through 3.2.6, 3.3.9, and 3.4.9. Description: A signed integer overflow exists in the undo_pxr24_impl function within the OpenEXR library. The expression (uint64_t)(w * 3) calculates w * 3 as a signed 32-bit integer before...
GHSA-J3W3-P6MR-3HRH DynFuture Drop Can Construct a Dangling Reference
DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...
CVE-2026-33184
The CVE affects the nimiq/core-rs-albatross Rust implementation of the Nimiq PoS Albatross protocol. Before 1.3.0, the discovery handshake allowed a peer-controlled limit to be stored, causing the HandshakeAck path to honor limit=0 and return zero contacts. After establishment, the periodic updat...
KLA90965 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Dawn can be exploited to cause denial of service or execu...
EUVD-2026-17799
Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...