Lucene search
K

752 matches found

Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-48816 sigstore-js: Insufficient Verification of Data Authenticity

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries.integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind...

6.5CVSS0.00158EPSS
Exploits0References4
CVE
CVE
added 2 days ago16 views

CVE-2026-48816

CVE-2026-48816 affects sigstore-js, where prior to version 3.1.1 the verification logic in @sigstore/verify derives a transparency-log timestamp from tlogEntries[].integratedTime for bundle v0.2 inclusionProof-only entries, even though the inclusion proof path does not cryptographically bind inte...

6.5CVSS6.1AI score0.00158EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-11901 WP Hotel Booking <= 2.3.1 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via PayPal IPN Handler

The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is due to the webhookprocesspaypalstandard IPN handler selecting its PayPal validation endpoint from the attacker-controlled $REQUEST'testipn...

5.3CVSS0.00177EPSS
Exploits0References10
Snyk
Snyk
added 2026/07/08 6:46 p.m.5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the toc process. An attacker can interfere with same-page navigation, CSS selectors, or JavaScript handlers by creating content with predictable id attributes that collide with...

5.3CVSS6.1AI score0.00128EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/01 8:44 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via unsanitized repository URL components in the webhook endpoint when no secret is configured. An attacker can trigger continuous repository re-cloning, increasing network traffic and...

8.3CVSS6AI score0.00506EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:57 p.m.3 views

Insufficient Verification of Data Authenticity

Overview @sigstore/verify is a Verification of Sigstore signatures Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the integratedTime process. An attacker can manipulate time-based verification decisions by supplying a crafted bundle that set...

7.1CVSS6AI score0.00158EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/01 7:57 p.m.11 views

sigstore-js has Insufficient Verification of Data Authenticity

sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...

6.5CVSS5.8AI score0.00158EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 12:31 a.m.9 views

EUVD-2026-40010

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

5CVSS5.4AI score0.00133EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/29 12:31 a.m.9 views

EUVD-2026-40004

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 12:16 a.m.10 views

CVE-2026-13513

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

5CVSS0.00133EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 11:0 p.m.40 views

CVE-2026-13513 MyScale MyScaleDB SegmentId.h getCacheKey data authenticity

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

5CVSS0.00133EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 11:0 p.m.16 views

CVE-2026-13513

Summary: CVE-2026-13513 affects MyScale MyScaleDB up to 1.8.0, impacting SegmentId::getCacheKey in src/VectorIndex/Common/SegmentId.h. The issue is described as insufficient verification of data authenticity and can be exploited remotely with high attack complexity; exploit maturity is labeled as...

5CVSS5.4AI score0.00133EPSS
Exploits0References7
OSV
OSV
added 2026/06/28 11:0 p.m.2 views

CVE-2026-13513 MyScale MyScaleDB SegmentId.h getCacheKey data authenticity

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

2.3CVSS5.3AI score0.00133EPSS
Exploits0References9
NVD
NVD
added 2026/06/28 10:16 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS0.00138EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 9:30 p.m.9 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/28 9:30 p.m.36 views

CVE-2026-13507 volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS0.00138EPSS
Exploits0References7
OSV
OSV
added 2026/06/28 9:30 p.m.3 views

CVE-2026-13507 volcengine OpenViking Local VectorDB Primary-key Label str_to_uint64.py str_to_uint64 data authenticity

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

2.3CVSS5.5AI score0.00138EPSS
Exploits0References9
CVE
CVE
added 2026/06/28 9:30 p.m.16 views

CVE-2026-13507

Summary (CVE-2026-13507) Volcengine OpenViking up to 0.3.21 is affected in the Local VectorDB Primary-key Label Handler, specifically the str_to_uint64 function in openviking/storage/vectordb/utils/str_to_uint64.py. The issue arises from manipulating the argument ID, causing insufficient verifica...

5CVSS5.5AI score0.00138EPSS
Exploits0References7
NVD
NVD
added 2026/06/28 7:16 a.m.13 views

CVE-2026-13483

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS0.00095EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/28 5:45 a.m.7 views

CVE-2026-13483

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS4.9AI score0.00095EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder