CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

GHSA-PPP5-5V6C-4JWP Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Summary RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This...

PT-2026-28557

Name of the Vulnerable Software and Affected Versions Forge versions prior to 1.4.0 Description Forge, a native implementation of Transport Layer Security in JavaScript, has a flaw in its RSASSA PKCS1 v1.5 signature verification process. This issue allows attackers to forge signatures for keys wi...

CVE-2026-23323

CVE-2026-23323 concerns the Linux kernel macsmc-hwmon driver on Apple Silicon. The issue stems from two concrete bugs: (1) sensor population logic using the wrong prefix (volt- vs voltage-) and mis-assigning sensors from the voltage array to the temperature array, risking out-of-bounds access or ...

CVE-2026-4602

A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the modPow function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature...

EUVD-2026-14379

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005611 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances...

EUVD-2026-8679

ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS1 v1.5 Padding Validation...

GHSA-C6RR-7PMC-73WC ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...

ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

CVE-2026-22866

The CVE-2026-22866 entry describes a Bleichenbacher-style RSA signature forgery flaw in Ethereum Name Service (ENS) DNSSEC tooling. In ENS v1.6.2 and earlier, RSASHA256Algorithm and RSASHA1Algorithm do not validate PKCS#1 v1.5 padding correctly and only compare the trailing 32 (or 20) bytes of th...

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

PT-2026-21935

Name of the Vulnerable Software and Affected Versions Ethereum Name Service ENS versions 1.6.2 and prior Description The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes ...

Beyond the Finite Variant Property: Extending Symbolic Diffie-Hellman Group Models (Extended Version)

Diffie-Hellman groups are commonly used in cryptographic protocols. While most state-of-the-art, symbolic protocol verifiers support them to some degree, they do not support all mathematical operations possible in these groups. In particular, they lack support for exponent addition, as these tool...

Exploit for Cross-site Scripting in Exponentcms Exponent_Cms

Synthetic Test Case: CVE-2017-8085 CWE: CWE-79 Origin...

MiracleLinux 8 : libgcrypt-1.8.5-6.el8 (AXSA:2021-2604:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2604:02 advisory. libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm CVE-2021-33560 Tenable has...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001041)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001041 advisory. The mpipowm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to caus...