Lucene search
K

240 matches found

Veracode
Veracode
added 2026/04/16 5:10 a.m.13 views

Improper Verification Of Cryptographic Signature

node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...

7.5CVSS5.7AI score0.00339EPSS
Exploits0References21Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-33896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not...

9.1CVSS6.6AI score0.00348EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accept...

8.1CVSS6.7AI score0.00348EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 10:12 p.m.4 views

CVE-2026-33891

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/27 9:52 p.m.7 views

CVE-2026-33896

A flaw was found in Forge also known as node-forge, a JavaScript implementation of Transport Layer Security TLS. The pki.verifyCertificateChain function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extension...

7.4CVSS6.5AI score0.00348EPSS
Exploits1References5
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

9.1CVSS0.00348EPSS
Exploits1References9
NVD
NVD
added 2026/03/27 9:17 p.m.7 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS0.00596EPSS
Exploits1References10
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS0.00339EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
OSV
OSV
added 2026/03/27 9:17 p.m.4 views

UBUNTU-CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

9.1CVSS5.8AI score0.00348EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 9:17 p.m.3 views

UBUNTU-CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.4 views

CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

9.1CVSS6.6AI score0.00348EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.4 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.9AI score0.00596EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 9:17 p.m.8 views

UBUNTU-CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/27 8:50 p.m.31 views

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

7.4CVSS0.00348EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:50 p.m.3 views

CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

9.1CVSS5.9AI score0.00348EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:45 p.m.1 views

CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/27 8:43 p.m.24 views

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS0.00596EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:43 p.m.3 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.9AI score0.00596EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder