3428 matches found
Critical Zcash Vulnerability Found and Fixed
If you're a user--owner?--of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enou...
JLSEC-2026-601
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs by the New Tab Page...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of unreliable inputs by the UI...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Skia’s insufficient validation of untrusted inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. in the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of unreliable inputs in the Views component...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Dawn’s insufficient validation of unreliable inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. in the United States. Google Chrome has a vulnerability related to input validation, which stems from Passwords’ insufficient validation for untrusted inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Dawn’s insufficient validation of unreliable inputs...
CVE-2026-49492
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...
Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection
Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...
CVE-2026-45409
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
CVE-2026-42499
Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...
CVE-2026-41178
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...