1079 matches found
CVE-2026-32317
CVE-2026-32317 affects Cryptomator for Android prior to version 1.12.3. An integrity-check vulnerability allowed an attacker to tamper with the vault configuration file, causing a MITM in the Hub key loading mechanism by mixing endpoints and bypassing host authenticity checks. Impacted users unlo...
CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...
EUVD-2026-13746
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...
CVE-2026-32303 Cryptomator: Tampered vault configuration allows MITM attack on Hub API
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted...
PT-2026-26773
Name of the Vulnerable Software and Affected Versions goxmlsig versions prior to 1.6.0 goxmlsig versions prior to 1.22 when using older Go versions or go.mod versions Description The validateSignature function in validate.go has a loop variable capture issue in Go versions before 1.22, or when...
CVE-2026-3856
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission...
GHSA-HQMJ-H5C6-369M ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
What's the issue Passing silent=True to onnx.hub.load kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness. python if not verifyreporefrepo and not silent: completely skipped when silent=True print"The model repo...
Improper Validation of Integrity Check Value
Overview robrichards/xmlseclibs is a PHP library for XML Security. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the decryptSymmetric function, when checking tag length for the aes-128-gcm, aes-192-gcm, and aes-256-gcm encryption algorithms. A...
SM9 Infinity-Point Ciphertext Forgery Vulnerability
Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...
GHSA-5XXP-2VRJ-X855 SM9 Infinity-Point Ciphertext Forgery Vulnerability
Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...
CVE-2026-3344
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
CVE-2026-3344
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
EUVD-2026-9290
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
CVE-2025-47904
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...
Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh
Terrapin Attack - Manual Exploitation Lab CVE-2023-48795...
CVE-2025-47904
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47904 Unsigned upgrade package
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...
Notepad++ Download of Code Without Integrity Check Vulnerability
Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile function...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile function...