Lucene search
K

1093 matches found

CNNVD
CNNVD
added 2026/04/02 12:0 a.m.6 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities allowed attackers to use Unicode-like characters to bypass topic cleanin...

7.8CVSS5.8AI score0.00212EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/31 4:54 p.m.3 views

Brute Force

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Brute Force via the webhook authentication process. An attacker can gain unauthorized access by repeatedly attempting to guess shared secrets without restriction,...

6.5CVSS5.9AI score0.00365EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 3:44 p.m.7 views

CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 9:49 a.m.4 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.30 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are...

9.8CVSS7.3AI score0.02591EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature...

7.5CVSS6.7AI score0.00339EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-33896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not...

9.1CVSS6.6AI score0.00348EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accept...

8.1CVSS6.7AI score0.00348EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 10:12 p.m.4 views

CVE-2026-33891

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/27 10:2 p.m.3 views

CVE-2026-33894

A flaw was found in Forge also called node-forge, a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/27 9:52 p.m.4 views

CVE-2026-33895

A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/27 9:52 p.m.8 views

CVE-2026-33896

A flaw was found in Forge also known as node-forge, a JavaScript implementation of Transport Layer Security TLS. The pki.verifyCertificateChain function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extension...

7.4CVSS6.5AI score0.00348EPSS
Exploits1References5
NVD
NVD
added 2026/03/27 9:17 p.m.6 views

CVE-2026-33895

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS0.00348EPSS
Exploits0References10
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

9.1CVSS0.00348EPSS
Exploits1References9
NVD
NVD
added 2026/03/27 9:17 p.m.8 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS0.00596EPSS
Exploits1References10
NVD
NVD
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS0.00339EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.5 views

CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/27 9:17 p.m.3 views

CVE-2026-33895

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS5.7AI score0.00348EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 9:17 p.m.4 views

UBUNTU-CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

9.1CVSS5.8AI score0.00348EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 9:17 p.m.3 views

UBUNTU-CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References4
Rows per page
Query Builder