10 matches found
CVE-2026-43156
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking. pegasus_probe() fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usb_rcvbulkpipe(dev, 1) for RX data - usb_sndbulkpipe(dev, 2) for TX data -...
(Dis)Proving Spectre Security with Speculation-Passing Style
Constant-time (CT) verification tools are commonly used for detecting potential side-channel vulnerabilities in cryptographic libraries. Recently, a new class of tools, called speculative constant-time (SCT) tools, has also been used for detecting potential Spectre vulnerabilities. In many cases, the...
Cryptographic Data Exchange for Nuclear Warheads
Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...
PT-2024-33265 · Unknown · Agent Dart
Name of the Vulnerable Software and Affected Versions: Agent Dart versions prior to 1.0.0-dev.29 Description: The issue is related to improper certificate verification in the lib/agent/certificate.dart file. Specifically, during delegation verification in the checkDelegation function, the caniste...
D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2025-29679)
D-Link DAP-2622 is a wireless access point (AP) from AUO D-Link that supports PoE power supply and is mainly used for wireless network coverage in enterprise or commercial scenarios. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability, which stems from a...
D-Link DAP-2622 Security Vulnerability
D-Link DAP-2622 is a wireless access point (AP) from AUO D-Link that supports PoE power supply and is mainly used for wireless network coverage in enterprise or commercial scenarios. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability, which stems from a...
Medium: cri-tools
Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192...
jungleway.cz Cross Site Scripting vulnerability OBB-3451450
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-W7JR-WQW6-54XC Non-constant time comparison of inbound TCP agent connection secret
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain the connection secret. Jenkins 2.219, LTS...
FLASH 0DAY Shellcode position with the Builder-vulnerability warning-the black bar safety net
Author: open Source: open’s Blog The first say. Even? have a look at the other version. I only I caught after the proposed version, for example. The other version I know nothing about. See comment a dear friend made a question of time. Yes. This version has real time verification problem. However...