The Lab · 2026-03-27 13:27:20 · GitHub Issues
A critical path traversal vulnerability in the widely used `basic-ftp` Node.js library has been disclosed, allowing a malicious FTP server to write files anywhere on a victim's system. The flaw, tracked as CVE-2026-27699, resides in the library's `downloadToDir()` method. By exploiting this, an attacker could achieve a...
The Lab · 2026-04-03 06:27:05 · GitHub Issues
A critical security vulnerability in the widely used Go-JOSE library triggers a panic during JWE decryption, forcing a mandatory patch to version 4.1.4. The flaw, tracked as CVE-2026-34986 and GHSA-78h2-9frx-2jm8, is a denial-of-service risk that can crash applications when processing malformed encrypted data. This is ...
The Lab · 2026-04-03 10:27:06 · GitHub Issues
A critical vulnerability in the widely used Go-JOSE library triggers a runtime panic when processing malformed JSON Web Encryption (JWE) objects. The flaw, tracked as CVE-2026-34986, resides in the key unwrapping logic and can crash any service that attempts to decrypt a JWE with a specific, anomalous structure. This c...
The Lab · 2026-04-03 19:27:01 · GitHub Issues
A critical security vulnerability in the widely used `go-jose/go-jose/v4` library has been patched, addressing a flaw that could cause applications to crash when processing malformed encrypted data. The vulnerability, tracked as CVE-2026-34986, resides in the library's handling of JSON Web Encryption (JWE) objects. Spe...
The Lab · 2026-04-04 03:26:53 · GitHub Issues
A critical security update for the widely used Go-JOSE library patches a vulnerability that can cause a denial-of-service panic during JWE decryption. The flaw, tracked as CVE-2026-34986, is triggered when decrypting a JSON Web Encryption (JWE) object that uses a key wrapping algorithm (ending in `KW`) but contains an ...
The Lab · 2026-04-04 03:26:54 · GitHub Issues
A critical security vulnerability in the widely used Go cryptography library `github.com/go-jose/go-jose/v4` has been patched. The flaw, tracked as CVE-2026-34986, can cause a runtime panic when decrypting certain malformed JSON Web Encryption (JWE) objects. This vulnerability is triggered in a specific but reachable c...
The Lab · 2026-04-04 15:27:01 · GitHub Issues
A critical security vulnerability in the widely used Go-JOSE library forces an immediate patch to version 4.1.4. The flaw, tracked as CVE-2026-34986, causes a runtime panic when the library attempts to decrypt a JSON Web Encryption (JWE) object that uses a key wrapping algorithm (identified by an `alg` field ending in ...
The Lab · 2026-04-04 21:26:54 · GitHub Issues
A critical security vulnerability in the widely used `go-jose/go-jose/v4` library has been patched, addressing a flaw that could cause applications to crash when processing malformed encrypted data. The vulnerability, tracked as CVE-2026-34986, is triggered during the decryption of a JSON Web Encryption (JWE) object. S...
The Lab · 2026-04-04 21:26:56 · GitHub Issues
A critical security vulnerability in the widely used Go cryptography library `go-jose/go-jose/v3` has been patched, addressing a flaw that could cause applications to crash when processing malformed encrypted data. The vulnerability, tracked as CVE-2026-34986, is triggered during the decryption of a JSON Web Encryption...
The Lab · 2026-04-05 03:27:03 · GitHub Issues
A critical security flaw in the widely used `github.com/go-jose/go-jose/v4` library has been patched, addressing a vulnerability that could cause applications to crash when processing malformed encrypted data. The issue, tracked as CVE-2026-34986, triggers a panic during the decryption of specific JSON Web Encryption (...
The Lab · 2026-04-05 03:27:05 · GitHub Issues
A critical security vulnerability in the widely used `github.com/go-jose/go-jose/v4` library can cause a panic and crash in applications processing certain encrypted data. The flaw, tracked as CVE-2026-34986, is triggered when decrypting a JSON Web Encryption (JWE) object that uses a specific type of key wrapping algor...
The Lab · 2026-04-06 07:27:00 · GitHub Issues
A critical security vulnerability in the widely used `go-jose/go-jose/v4` library could cause applications to crash when processing malformed encrypted data. The flaw, tracked as CVE-2026-34986, triggers a panic during the decryption of a JSON Web Encryption (JWE) object under specific, exploitable conditions. This is ...
The Lab · 2026-04-10 23:22:33 · GitHub Issues
A critical security flaw in the widely used Go-JOSE library forces a mandatory patch to version 4.1.4. The vulnerability, tracked as CVE-2026-34986, causes the library to panic and crash when attempting to decrypt a specially crafted JSON Web Encryption (JWE) object. This is not a theoretical weakness; it is a denial-o...
The Lab · 2026-04-18 03:22:36 · GitHub Issues
A critical vulnerability in the widely-used MailKit library allows attackers to inject malicious commands and force weaker authentication, compromising the security of countless email clients and applications. The flaw, tracked as GHSA-9j88-vvj5-vhgr, is a STARTTLS Response Injection vulnerability that enables a Man-in...