15 matches found

NVD
added 2026/05/26 2:16 p.m., 10 views

CVE-2026-48134

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

CVSS 5.6, EPSS 0.00075
Exploits 0, References 1
Tenable Nessus
added 2026/03/06 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: gnome-shell (UTSA-2026-005908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005908 advisory. In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an...

CVSS 6.5, AI score 5.8, EPSS 0.00184
Exploits 0, References 4
RedHat Linux
added 2026/01/26 2:11 p.m., 1 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVSS 8.9, AI score 5.9, EPSS 0.00017
Exploits 0, References 6
EUVD
added 2025/12/30 6:30 p.m., 1 views

EUVD-2025-205808

An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...

AI score 6.2, EPSS 0.00062
Exploits 0, References 2
CVE
added 2025/12/30 12:0 a.m., 5 views

CVE-2025-65925

CVE-2025-65925 affects Zeroheight SaaS prior to 2025-06-13, where a legacy user-creation API path allowed accounts to be created without completing email verification. Unverified accounts could not access product functionality, but the bypassed verification controls enabled unintended account cre...

CVSS 6.5, AI score 6.4, EPSS 0.00062
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2025/10/27 12:0 a.m., 2 views

Siemens SIMATIC Devices and SCALANCE Improper Certificate Validation (CVE-2024-41996)

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...

CVSS 7.5, AI score 6.7, EPSS 0.00645
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-10299

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00276
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-47534

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.5, EPSS 0.00087
Exploits 0, References 3
RedHat Linux
added 2025/05/13 1:57 p.m., 2 views

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

A flaw was found in the golang-jwt implementation of JSON Web Tokens JWT. In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...

CVSS 7.5, AI score 7.1, EPSS 0.00083
Exploits 0, References 7
Vulnrichment
added 2024/06/06 6:52 p.m., 14 views

CVE-2024-2965 Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain

A Denial-of-Service DoS vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

CVSS 4.2, AI score 4.5, EPSS 0.00038
Exploits 1, References 2
SUSE CVE
added 2024/05/29 9:54 a.m., 2 views

SUSE CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

CVSS 6.5, AI score 6.7, EPSS 0.00184
Exploits 0, References 7
RedHat Linux
added 2022/05/11 6:11 p.m., 3 views

dotnet: malicious content causes high CPU and memory usage

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that man...

CVSS 7.5, AI score 5.8, EPSS 0.01387
Exploits 0, References 5
RedHat Linux
added 2019/11/26 7:57 p.m., 2 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

CVSS 7.8, AI score 7.2, EPSS 0.13725
Exploits 0, References 8
Akamai Blog
added 2018/10/10 10:0 a.m., 32 views

What's New in Performance

One of the things I like most about living in New England is the changing of seasons. I find myself looking forward, thinking about what's exciting about the next one. Each season offers something unique and special, and if you're ambitious enough to try new things, a variety of new opportunities...

AI score 7.2
Exploits 0
Akamai Blog
added 2018/04/16 11:0 a.m., 22 views

Measure What Matters: Your Competitive Advantage May Lie in Your Understanding (or Lack of Understanding) of What Users Are Really Experiencing

Attracting and retaining customers lies in your ability to offer an exceptional digital experience. Now that digital channels are increasingly preferred over channels of the past, the climate is increasingly competitive -- and businesses are fighting to maintain loyalty and keep users engaged...

AI score 6.9
Exploits 0