Pinned Loading

1. Linux Kernel io_uring: OOB Read via ... Linux Kernel io_uring: OOB Read via SQE_MIXED + sq_array Physical Index Bypass

   1

   # Linux Kernel io_uring: Out-of-Bounds Read via SQE_MIXED + sq_array Physical Index Bypass

   2

   3

   **CVE**: Pending (kernel fix and liburing test both merged)

   4

   **Affected**: Linux kernels with `IORING_SETUP_SQE_MIXED` (introduced by commit [1cba30bf9fdd](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cba30bf9fdd))

   5

   **Fix**: [c76e0f1d77f8](https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git/commit/?id=c76e0f1d77f87e258193c2628253782d5ff414c7) — merged into `io_uring-7.0` on 2026-03-10

2. V8 Maglev JIT: Uninitialized Specula... V8 Maglev JIT: Uninitialized SpeculationMode in SaveCallSpeculationScope (CL 7651434)

   1

   // PoC: Uninitialized SpeculationMode in SaveCallSpeculationScope

   2

   //

   3

   // Triggers uninitialized read of saved_mode_ in the destructor of

   4

   // MaglevGraphBuilder::SaveCallSpeculationScope during Maglev JIT compilation.

   5

   //

3. CVE-2026-47164 / GHSA-6x5c-84vm-5j56... CVE-2026-47164 / GHSA-6x5c-84vm-5j56 — Vaultwarden SSO existing-user binding bypasses IdP email_verified check (HIGH 7.7, fixed in 1.36.0). Independent-reporter writeup.

   1

   # Vaultwarden SSO existing-user binding skips the IdP `email_verified` check (CVE-2026-47164)

   2

   3

   **Advisory:** [GHSA-6x5c-84vm-5j56](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-6x5c-84vm-5j56)

   4

   **CVE:** CVE-2026-47164

   5

   **Severity:** HIGH — CVSS 7.7 (`AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L`)

4. flowdown flowdown Public

   O(1) streaming markdown renderer for the AI era. Zero dependencies. ~4KB gzipped.

   JavaScript 1

5. logpack logpack Public

   Columnar compression for JSON logs. 30-50% smaller than zstd, 20x faster.

   Rust

6. veil-examples veil-examples Public

   Public integration examples for the hosted Veil API.

   JavaScript