67 matches found
Exploit for CVE-2026-10795
CVE Lab: CVE-2026-10795 - UpdraftPlus UpdraftCentral RPC Authe...
CMS AuthEnvelopedData Processing May Accept Forged Messages
...
RLSA-2026:25239 Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...
openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages
A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...
USN-8414-1 openssl vulnerabilities
Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...
CVE-2026-34182
CVE-2026-34182 describes a vulnerability in CMS AuthEnvelopedData processing in OpenSSL where insufficient input validation on cipher and tag length can allow forged or manipulated messages. Attack scenarios include selecting non-AEAD ciphers (e.g., AES-256-OFB) that bypasses integrity checks and...
FreeBSD -- Multiple vulnerabilities in OpenSSL
Problem Description: Multiple issues have been reported as part of this advisory with different issues affecting different OpenSSL versions and therefore different FreeBSD versions. Instead of exhaustively listing detailed writeups for each issue, please see the referenced advisory from OpenSSL...
UBUNTU-CVE-2026-34182
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
FreeScout 数据伪造问题漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.220 contained a data manipulation vulnerability. This vulnerability stemmed from the use of In-Reply-To/References headers in...
Ella Core 安全漏洞
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of whether the...
CVE-2026-44214 eventsource-encoder: SSE event injection via unsanitized event and id fields
eventsource-encoder encodes events as well-formed EventSource/Server Sent Event SSE messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...
Astra Linux - уязвимость в thunderbird
The Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker working alongside a malicious home server could create messages that appeared to be sent by another person, without any indication such as a gray shield. Additionally, a sophisticated...
Spring Cloud AWS 数据伪造问题漏洞
Spring Cloud AWS is an open-source development framework from awspring, designed for integration with AWS cloud services within the Spring ecosystem. Versions 3.0.0 to 4.0.1 of Spring Cloud AWS contain a data manipulation vulnerability. This vulnerability stems from the lack of validation of the...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the handling of PDUSessionResourceSetupResponse messages carrying AMF-UE-NGAP-ID. An attacker can redirect downlink user-plane traffic for any targeted UE to their own radio by sending a forged message with a...
CVE-2026-41301
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...
Improper Verification of Cryptographic Signature
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the Nostr DM ingress path. An attacker can cause unauthorized pairing challenges to be issued and consume shared pairing capacity by...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...
OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Summary Before OpenClaw 2026.3.31, the Nostr DM ingress path could issue pairing challenges before validating the event signature. A forged DM could create a pending pairing entry and trigger a pairing-reply attempt before signature rejection. Impact An unauthenticated remote sender could consume...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability. This vulnerability stemmed from...
CVE-2023-29389
Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...