CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

CLEANSTART-2026-AB04032 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...

Quinn 安全漏洞

Quinn is a pure Rust implementation of the IETF QUIC transport protocol, developed by quinn-rs. Versions of Quinn prior to 0.11.14 contained a security vulnerability. This vulnerability stemmed from decoding varints during the parsing of specially crafted QUIC initial packets, which could lead to...

Google Chrome WebAudio Memory Out-of-Bounds Access Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome WebAudio suffers from a memory out-of-bounds access vulnerability that stems from an improper implementation and can be exploited by remote attackers to execute arbitrary code...

Fedora 44 : cef (2026-376794abc1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-376794abc1 advisory. Update to cef-145.0.25 + chromium 145.0.7632.75 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 CVE-2026-2313: Use...

CVE-2026-3541

An inappropriate implementation flaw was found in the CSS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484811719...

Securing Cryptography in the Age of Quantum Computing and AI: Threats, Implementations, and Strategic Response

This review examines how quantum computing and artificial intelligence challenge current cryptographic systems. We analyze the literature to assess the resilience of algorithms against quantum attacks Shor's and Grover's algorithms and AI-enhanced cryptanalysis. RSA and elliptic curve cryptograph...

EUVD-2025-208311

org.eclipse.jetty:jetty-http has different parsing of invalid URIs...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

DEBIAN-CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2025-11143

Summary of CVE-2025-11143 : The Jetty HTTP URI parser has differences in handling invalid/unusual URIs, causing potential security by‑pass or leakage of implementation details when multiple components parse URIs differently. Public sources describe practical implications as differential parsing a...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

CVE-2026-2836

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header authority...

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

PT-2026-23612

Name of the Vulnerable Software and Affected Versions stellar-xdr versions prior to 25.0.1 Description The StringM::from str function does not properly validate the length of input strings. When calling StringM::::from strs with a string s exceeding the maximum allowed length N, the function...

PT-2026-23602

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description Gokapi is a self-hosted file sharing server that supports automatic expiration and encryption. The upload status Server-Sent Events SSE implementation on the /uploadStatus API endpoint publishes globa...

locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection

Details A Remote Code Execution RCE flaw was discovered in the locutus project v2.0.39, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...