2261 matches found

NVD
added 4 days ago, 7 views

CVE-2026-57997

Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...

CVSS 6.3 | EPSS 0.00147
Exploits: 0 | References: 4
Positive Technologies
added 4 days ago, 9 views

PT-2026-53747

Name of the Vulnerable Software and Affected Versions: Strapi users-permissions plugin (affected versions not specified). Description: The users-permissions plugin fails to restrict JSON Web Token (JWT) algorithms when the plugin::users-permissions.jwt.algorithm configuration is not explicitly set. This...

CVSS 6.3 | AI score 5.8 | EPSS 0.00147
Exploits: 0 | References: 8
Tenable Nessus
added 5 days ago, 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ima_fs: Correctly create securityfs files for unsupported hash algos ima_tpm_chip->allocated_banks[i].crypto_id is initialized to HASH_ALGO__LAST if the TPM algorithm is n...

AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 3
Tenable Nessus
added 6 days ago, 6 views

EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2455)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. (CVE-2026-35388) OpenSSH before 10.3 mishandles...

CVSS 8.2 | AI score 7.4 | EPSS 0.0218
Exploits: 0 | References: 7
NVD
added last week, 5 views

CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection. eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes...

EPSS 0.00166
Exploits: 0 | References: 3
OSV
added last week, 2 views

UBUNTU-CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection. eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes...

AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 6
EUVD
added last week, 5 views

EUVD-2026-39837

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection. eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes...

AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 3
CVE
added last week, 6 views

CVE-2026-53302

The CVE concerns the Linux kernel’s crypto/eip93 path. Specifically, eip93_hmac_setkey() creates a temporary ahash transform using a driver name (e.g., sha256-eip93) but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since EIP93 hash algorithms are inherently async, the loo...

AI score 5.9 | EPSS 0.00166
Exploits: 0 | References: 3
RedhatCVE
added last week, 7 views

CVE-2026-53038

A flaw was found in the Linux kernel's Integrity Measurement Architecture (IMA) subsystem. When handling unsupported Trusted Platform Module (TPM) hash algorithms, the ima_fs component incorrectly accesses a hash algorithm name array, leading to a read out-of-bounds. This vulnerability could allow a...

CVSS 5.5 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 4
OSV
added 2026/06/25 10:17 p.m., 3 views

DEBIAN-CVE-2026-6325

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 1
NVD
added 2026/06/25 10:17 p.m., 6 views

CVE-2026-6325

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

CVSS 7.5 | EPSS 0.00175
Exploits: 0 | References: 2
NVD
added 2026/06/25 9:16 p.m., 6 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

CVSS 4.3 | EPSS 0.00074
Exploits: 0 | References: 2
Cvelist
added 2026/06/25 9:4 p.m., 22 views

CVE-2026-6325 Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

CVSS 2 | EPSS 0.00175
Exploits: 0 | References: 2
CVE
added 2026/06/25 9:4 p.m., 9 views

CVE-2026-6325

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 7.5 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/06/24 6:32 p.m., 5 views

EUVD-2026-38906

In the Linux kernel, the following vulnerability has been resolved: ima_fs: Correctly create securityfs files for unsupported hash algos. ima_tpm_chip->allocated_banks[i].crypto_id is initialized to HASH_ALGO__LAST if the TPM algorithm is not supported. However there are places relying on the algorithm to be...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 5
RedhatCVE
added 2026/06/23 3:36 a.m., 10 views

CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX...

CVSS 6.5 | AI score 5.8 | EPSS 0.00202
Exploits: 1 | References: 3
CVE
added 2026/06/22 1:55 p.m., 14 views

CVE-2026-12725

CVE-2026-12725 affects dnsmasq. The flaw is a heap-based buffer overflow in the log_query() path when DNSSEC validation and query logging are both enabled and DNS responses contain DS/DNSKEY records with unsupported algorithm or digest types. This can cause dnsmasq to write past the end of an int...

CVSS 5.9 | AI score 6.1 | EPSS 0.00406
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: fixed an issue where the algorithm used for encoded extents was invalid. The current algorithm sanity checks do not properly apply to newly encoded extents. We need to unify the algorithm checks with the...

CVSS 5.5 | AI score 5.3 | EPSS 0.00119
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: tegra – Added the missing CRYPTO_ALG_ASYNC flag. The tegra crypto driver failed to set CRYPTO_ALG_ASYNC for its asynchronous algorithms. As a result, the crypto API would select these algorithms for users who request only...

CVSS 8.8 | AI score 5.7 | EPSS 0.00415
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 11 views

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

CVSS 10 | AI score 7.7 | EPSS 0.02186
Exploits: 1 | References: 2