Lucene search
K

1079 matches found

CVE
CVE
added 2026/03/20 6:29 p.m.11 views

CVE-2026-32317

CVE-2026-32317 affects Cryptomator for Android prior to version 1.12.3. An integrity-check vulnerability allowed an attacker to tamper with the vault configuration file, causing a MITM in the Hub key loading mechanism by mixing endpoints and bypassing host authenticity checks. Impacted users unlo...

7.6CVSS5.8AI score0.00062EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 6:19 p.m.3 views

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS5.8AI score0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/20 5:57 p.m.4 views

EUVD-2026-13746

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...

7.6CVSS5.8AI score0.0011EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 5:57 p.m.8 views

CVE-2026-32303 Cryptomator: Tampered vault configuration allows MITM attack on Hub API

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...

7.6CVSS5.8AI score0.0011EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26773

Name of the Vulnerable Software and Affected Versions goxmlsig versions prior to 1.6.0 goxmlsig versions prior to 1.22 when using older Go versions or go.mod versions Description The validateSignature function in validate.go has a loop variable capture issue in Go versions before 1.22, or when...

7.5CVSS5.9AI score0.00299EPSS
Exploits1References174
NVD
NVD
added 2026/03/17 11:16 p.m.8 views

CVE-2026-3856

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...

9.1CVSS0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 4:23 p.m.1 views

GHSA-HQMJ-H5C6-369M ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

What's the issue Passing silent=True to onnx.hub.load kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness. python if not verifyreporefrepo and not silent: completely skipped when silent=True print"The model repo...

8.6CVSS6.2AI score0.00318EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/13 10:41 p.m.2 views

Improper Validation of Integrity Check Value

Overview robrichards/xmlseclibs is a PHP library for XML Security. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the decryptSymmetric function, when checking tag length for the aes-128-gcm, aes-192-gcm, and aes-256-gcm encryption algorithms. A...

8.2CVSS5.9AI score0.00152EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/13 4:10 p.m.6 views

SM9 Infinity-Point Ciphertext Forgery Vulnerability

Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/13 4:10 p.m.5 views

GHSA-5XXP-2VRJ-X855 SM9 Infinity-Point Ciphertext Forgery Vulnerability

Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...

9.2CVSS5.9AI score0.00211EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/04 1:44 p.m.5 views

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 2:15 p.m.7 views

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

4.9CVSS5.7AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 1:17 p.m.6 views

EUVD-2026-9290

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/25 4:17 p.m.5 views

CVE-2025-47904

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...

5.7CVSS5.4AI score0.00082EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/25 7:25 a.m.330 views

Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh

Terrapin Attack - Manual Exploitation Lab CVE-2023-48795...

5.9CVSS8.6AI score0.9378EPSS
Exploits4
OSV
OSV
added 2026/02/24 4:24 p.m.3 views

CVE-2025-47904

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...

4.1CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 3:34 p.m.5 views

CVE-2025-47904 Unsigned upgrade package

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...

5.7CVSS5.4AI score0.00082EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/12 12:0 a.m.12 views

Notepad++ Download of Code Without Integrity Check Vulnerability

Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges...

7.7CVSS6.4AI score0.01268EPSS
In wildExploits0
Snyk
Snyk
added 2026/02/09 11:23 p.m.2 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile function...

5.3CVSS5.7AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/09 11:23 p.m.4 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile function...

5.3CVSS5.7AI score0.00136EPSS
Exploits0References2
Rows per page
Query Builder