EulerOS 2.0 SP13 : libsodium (EulerOS-SA-2026-1248)

According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005763)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005763 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pcclocksettime As Andrew pointed out, it will make...

CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

AWS libcrypto 安全漏洞

AWS libcrypto is a general-purpose encryption library open sourced by Amazon Web Services. Versions of AWS libcrypto prior to 1.69.0 contained security vulnerabilities. These vulnerabilities stemmed from observable time differences during AES-CCM decryption, which could potentially allow...

SUSE CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

DEBIAN-CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped

Summary When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's "not before" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestam...

I Can't Believe It's Not a Valid Exploit

Recently Large Language Models LLMs have been used in security vulnerability detection tasks including generating proof-of-concept PoC exploits. A PoC exploit is a program used to demonstrate how a vulnerability can be exploited. Several approaches suggest that supporting LLMs with additional...

CVE-2026-23035 net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5edestroynetdev instead of priv mlx5epriv is an unstable structure that can be memset0 if profile attaching fails. Pass netdev to mlx5edestroynetdev to guarantee it will work on a valid netdev. On...

CVE-2026-24785

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

GHSA-253Q-9Q78-63X4 Clatter has a PSK Validity Rule Violation issue

Impact Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework Section 9.3. This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness,...

Clatter has a PSK Validity Rule Violation issue

Impact Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework Section 9.3. This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness,...

CVE-2026-24785 Clatter has a PSK Validity Rule Violation issue

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

CVE-2026-1190

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

Linux Distros Unpatched Vulnerability : CVE-2026-23000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix crash on profile change rollback failure mlx5enetdevchangeprofile can fail to attach a new profile and can fail to rollback to old profile, in su...

WordPress plugin SearchAzon has a cross-site request forgeing vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-23996

CVE-2026-23996 concerns the FastAPI Api Key library. Version 1.1.0 is reported to expose a timing side-channel in verify_key(), where a random delay is applied only on verification failures. This enables an attacker to statistically distinguish valid from invalid API keys by measuring response la...

FastAPI API Key security vulnerability

The FastAPI API Key is a secure key store developed by Athroniaeth’s individual developers. There is a security vulnerability in the FastAPI API Key version 1.1.0; this vulnerability stems from a timing side channel in the verifykey method, which may allow attackers to infer the validity of the A...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

OESA-2026-1102 libsodium security update

Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable6, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Security Fixes: libsodium...