154 matches found
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-9078
Firefox for iOS suffers a rendering issue in link-preview UI where specially crafted RTL and internationalized domain names could cause the displayed domain to visually reorder, making attacker-controlled sites appear as trusted origins. The vulnerability affects the RTL/IDN rendering surface wit...
PT-2026-43074
Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 151.1 Description Firefox for iOS incorrectly displayed specially crafted right-to-left RTL and internationalized domain names IDNs within link preview UI surfaces. A crafted RTL hostname could visually reorde...
CLSA-2026-1779434490 kernel: Fix of 100 CVEs
tracing: Verify event formats that have "%p.." CVE-2025-37938 - HID: pidff: Fix null pointer dereference in pidfffindfields CVE-2025-37862 - scsi: st: Fix array overflow in stsetup CVE-2025-37857 - drm/amdkfd: debugfs hanghws skip GPU with MES CVE-2025-37853 - mm/vmscan: don't try to reclaim...
Astra Linux - уязвимость в firefox
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox 115...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: irqchip/realtek-rtl: The refcount leak in mapinterrupts has been fixed. The offindnodebyphandle function returns a node pointer with a incremented refcount. We should use ofnodeput on it when there is no longer a need for it. Thi...
VeriCWEty: Embedding Enabled Line-Level CWE Detection in Verilog
Large Language Models LLMs have shown significant improvement in RTL code generation. Despite the advances, the generated code is often riddled with common vulnerabilities and weaknesses CWEs that can slip by untrained eyes. Attackers can often exploit these weaknesses to fulfill their nefarious...
Assertain: Automated Security Assertion Generation Using Large Language Models
The increasing complexity of modern system-on-chip designs amplifies hardware security risks and makes manual security property specification a major bottleneck in formal property verification. This paper presents Assertain, an automated framework that integrates RTL design analysis, Common...
HardSecBench: Benchmarking the Security Awareness of LLMs for Hardware Code Generation
Large language models LLMs are being increasingly integrated into practical hardware and firmware development pipelines for code generation. Existing studies have primarily focused on evaluating the functional correctness of LLM-generated code, yet paid limited attention to its security issues...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004045)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004045 advisory. Two memory leaks in the rtlusbprobe function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of...
CVE-2025-12052
The drivers in the tool packages use RTLQUERYREGISTRYDIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow...
CVE-2025-12052
CVE-2025-12052 is described across multiple sources as a local-buffer-overflow vulnerability stemming from drivers in tool packages reading registry values using RTL_QUERY_REGISTRY_DIRECT. Affected component is the driver (egwindrv.sys) or related kernel/tool drivers, with the untrusted applicati...
CVE-2025-12050
The drivers in the tool packages use RTLQUERYREGISTRYDIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow...
KB5073696: Windows Server 2012 R2 Security Update (January 2026)
The remote Windows host is missing security update 5073696. It is, therefore, affected by multiple vulnerabilities - An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 aka AGRSM64.sys. There is Local Privilege Escalation to SYSTEM via a Stack Overflow in...
KB5073698: Windows Server 2012 Security Update (January 2026)
The remote Windows host is missing security update 5073698. It is, therefore, affected by multiple vulnerabilities - An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 aka AGRSM64.sys. There is Local Privilege Escalation to SYSTEM via a Stack Overflow in...
Power Side-Channel Analysis of the CVA6 RISC-V Core at the RTL Level Using VeriSide
Security in modern RISC-V processors demands more than functional correctness: It requires resilience to side-channel attacks. This paper evaluates the vulnerability of the side channel of the CVA6 RISC-V core by analyzing software-based AES encryption uses an RTL-level power profiling framework...
SUSE CVE-2025-34450
merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...
Linux Distros Unpatched Vulnerability : CVE-2025-14744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files ...
CVE-2025-14744
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...