CVE-2025-14813

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...

CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...

CVE-2025-14813

CVE-2025-14813 affects BC-JAVA (bcprov) releases prior to 1.84, where the GOSTCTR mode cannot process more than 255 blocks. This vulnerability impacts all core modules using GOSTCTR in bcprov, with a critical impact on confidentiality, integrity, and availability (per CVSS 4.0: AV:L, AC:L, PR:N, ...

Exploit for CVE-2026-39987

CVE-2026-39987 — Marimo Python Notebook Pre-Authenticated Remo...

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486 Apache Tomcat EncryptInterceptor Bypass Vulnera...

curl: lib/http2.c: SSL connections accept non-HTTP push schemes (incomplete fix for 2e8c922a)

Summary: settransferurl in lib/http2.c validates the :scheme pseudo-header of PUSHPROMISE frames only when !viasslconn — a guard added by commit 2e8c922a to block non-TLS connections from accepting TLS-scheme pushes. The symmetric case was not addressed: over TLS, viasslconn is TRUE, the guard at...

Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - NULL Pointer Dereference in OpenSSL cryptography package

Summary IBM Cloud Pak for Data System CPDS 2.0 uses the Python cryptography package version 3.4.7, which depends on OpenSSL. CVE-2024-0727 affects OpenSSL's PKCS12 file processing functionality. A maliciously formatted PKCS12 file can cause a NULL pointer dereference, leading to application crash...

Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - Insufficient Verification in cryptography package

Summary IBM Cloud Pak for Data System CPDS 2.0 uses the Python cryptography package version 3.3.2, which contains a critical vulnerability CVE-2026-26007 affecting elliptic curve cryptography operations. The package fails to verify that public key points belong to the expected prime-order subgrou...

Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB and Tomcat affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Tomcat and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, a...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-32776, CVE-2026-32777, CVE-2026-32778]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-32776, CVE-2026-32777, CVE-2026-32778 Vulnerability Details Refer to the security bulletins listed in th...

Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2024-29371]

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by non-blocking (async) JSON parser in jackson-core (WS-2026-0003)

Summary SPSS Collaboration and Deployment Services is affected by non-blocking async JSON parser in jackson-core WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the...

CVE-2026-33806

Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...

ps459

Multi-Firmware PS4 WebKit & Kernel Exploit Chain An exploit c...

CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header

Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...

CVE-2026-33806

Summary: CVE-2026-33806 affects Fastify where, in applications using schema.body.content, a leading space in the Content-Type header can bypass per-content-type body validation while the body is parsed normally. This is a regression introduced in Fastify >= 5.3.2 as a follow-up to CVE-2025-324...

CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header

Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...

CVE-2026-33806

Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to 1.84 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could lead to exhaustion of pre-authoriz...

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. There were security vulnerabilities in Bouncy Castle Java versions from 2.17.3 to 1.84. These vulnerabilities stemmed from non-constant time comparisons, which could lead to the exposure of the...