CVE-2026-3541

Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2026-3543

Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-3543

Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-3543

Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-3541

Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2026-3542

Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2025-70821

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...

Seeing AI Clearly: Building Visibility Across Modern AI Applications

AI applications span models, agents, and cloud environments in ways traditional security tools weren’t designed to understand. Here’s why visibility breaks — and how a new, implementation-agnostic approach helps teams safely adopt AI...

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

Comparison of Credential Management Systems Based on the Standards of IEEE, ETSI, and YD/T 3957-2021

As V2X Vehicle-to-Everything technology becomes increasingly prevalent, the security of V2X networks has garnered growing attention worldwide. In North America, the IEEE 1609 series standards are primarily used, while Europe adopts the ETSI series standards, and China has also established its...

GHSA-J8CJ-HW74-64JV Hive has Double-free and Use After Free Vulnerabilities

Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free. Additionally, function Hive::fromhandle was not marked as unsafe, making it, in combination with ashandle easy to clone and trigger double-free i...

EUVD-2026-9000

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...

CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...

CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...

A Deep Dive into the GetProcessHandleFromHwnd API

Posted by James Forshaw In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I...

CVE-2026-27950

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been...

ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...

ChaCha20‑Poly1305 AEAD Production Decryptor

This C implementation provides a secure ChaCha20‑Poly1305 decryption function fully compliant with RFC 8439...

PT-2026-21935

Name of the Vulnerable Software and Affected Versions Ethereum Name Service ENS versions 1.6.2 and prior Description The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes ...

CIRCL 安全漏洞

CIRCL is an open-source collection of cryptographic primitives written in Go by Cloudflare. CIRCL has a security vulnerability, which stems from the CombinedMult function generating incorrect values for specific inputs, potentially leading to computational errors...