Lucene search
K

1093 matches found

Snyk
Snyk
added 2026/05/21 5:56 p.m.9 views

Improper Validation of Integrity Check Value

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the Triton inference handler. An attacker can execute arbitrary code with the SageMaker execution...

9.1CVSS6.3AI score0.0039EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

A security vulnerability exists in versions of Rack 2.2.3 and Rack 2.1.4, where reliance on cookies without validation/integrity checks allows an attacker to forge a secure or host-only cookie prefix...

7.5CVSS6.7AI score0.02938EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Heimdal

The fix for CVE-2022-3437 involved changing the memcmp function to run in constant time, as well as providing a workaround for a compiler bug by adding comparisons of the result of memcmp with the value “!= 0”. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 7:53 p.m.13 views

MAL-2026-4740 Malicious code in zod-to-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 370d1632254cb5b5dbd394992054b6c0e943a6fb758ab70f470c059ee734b9c0 The package is published as 'zod-to-js' but ships a copy of pino's source tree main entry pino.js, lib/proto.js, lib/levels.js, pino docs/README with...

6.2AI score
Exploits0References3
Veracode
Veracode
added 2026/05/16 5:18 a.m.13 views

Integrity Check Bypass

Striae is vulnerable to Integrity Check Bypass. The vulnerability is due to reliance on hash-only validation in the digital confirmation workflow, where attackers could modify both package contents and corresponding manifest hash fields, allowing tampered confirmation packages to pass integrity...

8.2CVSS5.2AI score0.00118EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/14 8:17 p.m.18 views

CVE-2026-8597

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS0.0039EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 7:37 p.m.9 views

CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41118

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:58 p.m.6 views

CVE-2026-33117

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...

9.1CVSS6AI score0.00479EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/01 8:39 p.m.8 views

CVE-2026-31719

A flaw was found in the krb5enc module of the Linux kernel's crypto subsystem. When performing asynchronous decryption, the krb5encdispatchdecrypt function incorrectly bypasses the integrity verification hash check. This issue occurs because the skcipher completion handler signals completion...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/29 2:21 p.m.8 views

Download of Code Without Integrity Check

Overview Affected versions of this package are vulnerable to Download of Code Without Integrity Check via the verifyDownload function that does not perform integrity or authenticity verification of downloaded update. An attacker can execute arbitrary code by supplying a malicious executable that ...

9.8CVSS6.4AI score0.00379EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 11:44 a.m.2 views

CVE-2026-42248 Missing Signature Verification for Updates in Ollama

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

7.7CVSS7AI score0.00379EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:11 p.m.6 views

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

4.7CVSS5.3AI score0.00108EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013676 advisory. In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rbmovetail and rbcheckpages It seems a data race between...

5.6AI score0.00182EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/21 6:24 p.m.5 views

EUVD-2026-24031

OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction DoS...

3.1CVSS5.7AI score0.00218EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/21 12:44 a.m.5 views

CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

3.1CVSS5.8AI score0.00218EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.6 views

PT-2026-33882

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description The OCI plugin downloader contains an issue in the ExtractPluginFromImage function where plugin binaries are extracted from container images by streaming decompressed tar data via io.Copy without a...

6.5CVSS5.2AI score0.00218EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.11 views

Siemens SCALANCE Improper Validation of Integrity Check Value(CVE-2020-26141)

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check authenticity of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the...

6.5CVSS6.9AI score0.03072EPSS
Exploits0References5
CVE
CVE
added 2026/04/17 7:43 p.m.21 views

CVE-2026-40066

CVE-2026-40066 affects Anviz CX2 Lite and CX7 due to unverified update packages that can be uploaded. The device may unpack and execute a script, resulting in unauthenticated remote code execution. Root cause appears to be lack of integrity verification for update packages before execution. Impac...

8.8CVSS6.2AI score0.00409EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:9 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git [CVE-2026-25934]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git, due to an issue where data integrity values for .pack and .idx files were not properly verified CVE-2026-25934. GO-git is used as a component of our ibm-watson-speech-catalog...

4.3CVSS7AI score0.00136EPSS
Exploits0Affected Software1
Rows per page
Query Builder