CVE-2026-57231

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the signing and verification logic before applying JWT.decode. An attacker can forge valid JWTs by supplying a crafted token that passes signature verification due to the acceptance of empty keys. Note: This i...

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the use of default empty keys for authentication at the status.json.php and disable.json.php...

SUSE CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...