9133 matches found

Cvelist
added 2025/11/21 10:50 p.m., 11 views

CVE-2025-12888 Constant Time Issue with Xtensa-based ESP32 and X25519

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 1, EPSS 0.00268
Exploits: 0, References: 1
Debian CVE
added 2025/11/21 10:50 p.m., 7 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 7.5, AI score 5.2, EPSS 0.00268
Exploits: 0
AlpineLinux
added 2025/11/21 10:50 p.m., 3 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 7.5, AI score 6.8, EPSS 0.00268
Exploits: 0
Positive Technologies
added 2025/11/21 12:00 a.m., 7 views

PT-2025-47821

Name of the Vulnerable Software and Affected Versions: X25519 (affected versions not specified). Description: A flaw exists in X25519 constant-time cryptographic implementations due to timing side channels. These side channels are introduced by compiler optimizations and CPU architecture limitations,...

CVSS 7.5, AI score 6.5, EPSS 0.00268
Exploits: 0, References: 10
CNVD
added 2025/11/20 12:00 a.m., 6 views

Google Chrome Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome has an inappropriate implementation vulnerability in V8, which an attacker can use to exploit heap corruption via specially crafted HTML pages...

CVSS 8.8, AI score 7, EPSS 0.00231
Exploits: 0, References: 1
CNVD
added 2025/11/18 12:00 a.m., 4 views

Google Chrome DevTools Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome has an inappropriate implementation vulnerability in DevTools that an attacker can exploit to cause a sandbox escape...

CVSS 7.5, AI score 6.9, EPSS 0.00176
Exploits: 1, References: 1
EUVD
added 2025/11/17 7:02 a.m., 2 views

EUVD-2025-197774

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

CVSS 6.5, AI score 6.3, EPSS 0.00236
Exploits: 0, References: 5
Fedora
added 2025/11/15 1:35 a.m., 10 views

[SECURITY] Fedora 42 Update: ruff-0.14.3-1.fc42

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...

AI score 7.2
Exploits: 0
OSV
added 2025/11/14 2:45 p.m., 32 views

HSEC-2023-0001 Hash flooding vulnerability in aeson

aeson was vulnerable to hash flooding, a.k.a. hash DoS. The issue is a consequence of the HashMap implementation from unordered-containers. It results in a denial of service through CPU consumption. This technique has been used in real-world attacks against a...

CVSS 6.5, AI score 6.2, EPSS 0.0071
Exploits: 1, References: 3
OSV
added 2025/11/14 3:15 a.m., 2 views

CVE-2024-11920

Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVSS 4.3, AI score 5.8, EPSS 0.00201
Exploits: 1, References: 2
NVD
added 2025/11/14 3:15 a.m., 4 views

CVE-2024-11919

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, EPSS 0.0018
Exploits: 1, References: 2
Cvelist
added 2025/11/14 2:29 a.m., 7 views

CVE-2024-11919

Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

EPSS 0.0018
Exploits: 1, References: 2
CVE
added 2025/11/14 2:29 a.m., 56 views

CVE-2024-11919

CVE-2024-11919 concerns Google Chrome for Android, where an inappropriate implementation in Intents could let a remote attacker perform UI spoofing via a crafted HTML page. The issue affects Chrome on Android prior to version 129.0.6668.58. The connected Red Hat/Ubuntu/Debian and other CVE feeds...

CVSS 4.3, AI score 6, EPSS 0.0018
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2025/11/14 2:29 a.m., 24 views

CVE-2024-13983

CVE-2024-13983 concerns Google Chrome’s Lens feature on iOS before 136.0.7103.59, where an imperfect validation of QR codes allows a remote attacker to perform a UI masquerade via a crafted QR. The underlying issue is in Lens’ handling of QR input, enabling an interface spoofing attack. Affected ...

CVSS 6.3, AI score 6, EPSS 0.00124
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2025/11/14 12:00 a.m., 1 view

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 129.0.6668.58, which stems from an improper implementation of Intents and could lead to UI spoofing...

CVSS 4.3, AI score 6.1, EPSS 0.0018
Exploits: 1, References: 2
CNNVD
added 2025/11/14 12:00 a.m., 2 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 130.0.6723.92, which stems from an improper implementation of Dawn and could lead to out-of-bounds memory access...

CVSS 4.3, AI score 6.1, EPSS 0.00201
Exploits: 1, References: 2
Microsoft CVE
added 2025/11/13 7:38 p.m., 7 views

Chromium: CVE-2025-13042 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 6.2, EPSS 0.00231
Exploits: 0
Kaspersky
added 2025/11/13 12:00 a.m., 3 views

KLA90263 DoS vulnerability in Microsoft Browser

An inappropriate implementation vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: CVE-2025-13042. Related products: Microsoft-Edge. CVE list: CVE-2025-13042 (critical). Solution: Install necessary updates from the...

CVSS 8.8, AI score 6.3, EPSS 0.00231
Exploits: 0, References: 3
RedHat Linux
added 2025/11/12 10:37 p.m., 2 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVSS 7.5, AI score 6.2, EPSS 0.0177
Exploits: 0, References: 4
NVD
added 2025/11/12 10:15 p.m., 5 views

CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

CVSS 4.4, EPSS 0.0015
Exploits: 0, References: 3