82 matches found
EUVD-2026-39581
PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...
DEBIAN-CVE-2026-7511
PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...
CVE-2026-7511
PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...
CVE-2026-7511
Technical details are not publicly available in the provided documents for CVE-2026-7511. Monitor for updates from vendors and CERT advisories to learn affected products, versions, impact, and remediation.
PT-2026-52622
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A signer confusion issue in PKCS7 verify allows for forged signatures. This occurs because the signer associated with a signature is not correctly bound, which...
Astra Linux – Vulnerability in gnupg2
A flaw was discovered in the way certificate signatures can be forged using collisions found in the SHA-1 algorithm. Attackers could exploit this weakness to create forged certificate signatures. This issue affects GnuPG versions prior to 2.2.18...
PT-2026-50796
Name of the Vulnerable Software and Affected Versions: Relyra versions 1.0.0 through 1.1.0. Description: Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...
EUVD-2026-36525
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...
Cleartext Storage of Sensitive Information
Overview: sagemaker is an open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing...
Cleartext Storage of Sensitive Information
Overview: sagemaker-serve is a SageMaker Serve package for model serving and deployment. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing the SageMaker...
EUVD-2026-30420
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path...
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the use_hint function, mishandling an edge case that should lead to signature rejection. Impact: An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
CVE-2026-8596
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...
Paiement Ecommerce Systempay Security Vulnerability
Paiement Ecommerce Systempay is an online payment platform for e-commerce services provided by the French company Paiement. Version 1.0 of Paiement Ecommerce Systempay contains a security vulnerability. This vulnerability stems from weak encryption implementations, which may allow attackers to...
Improper Verification Of Cryptographic Signature
jsrsasign is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of DSA domain parameters during signature verification, which allows an attacker to craft malicious parameters and forge valid signatures or certificates...
EUVD-2026-21291
wolfSSL's ECCSI signature verifier wc_VerifyEccsiHash decodes the r and s scalars from the signature blob via mp_read_unsigned_bin with no check that they lie in [1, q-1]. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...
CVE-2026-5466 wc_VerifyEccsiHash missing sanity check
wolfSSL's ECCSI signature verifier wc_VerifyEccsiHash decodes the r and s scalars from the signature blob via mp_read_unsigned_bin with no check that they lie in [1, q-1]. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...