Lucene search
+L

42 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-326 dcap-qvl has Missing Verification for QE Identity

Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/16 5:23 a.m.357 views

darksword-Exploit

🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...

8.8CVSS7.3AI score0.22721EPSS
Exploits16
EUVD
EUVD
added 2026/01/26 9:28 p.m.6 views

EUVD-2026-4661

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 9:28 p.m.7 views

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.5 views

PT-2026-4820

Name of the Vulnerable Software and Affected Versions dcap-qvl versions prior to 0.3.9 Description The dcap-qvl library contains a flaw in its quote verification logic. The library retrieves QE Identity collateral from the PCCS, but fails to verify the QE Identity signature against its certificat...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-5998

Malware in sbrugna...

5CVSS6.4AI score0.04053EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-15418

Malware in sbrugna...

6.5CVSS7.4AI score0.0085EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-15424

Malware in sbrugna...

8.8CVSS9.1AI score0.00984EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1217

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00441EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:12 a.m.12 views

CVE-2024-31995

@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

4.3CVSS6.7AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:36 a.m.9 views

CVE-2023-41037

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

4.3CVSS6.5AI score0.00309EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:3 p.m.9 views

CVE-2025-47934

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

8.7CVSS6.5AI score0.00648EPSS
Exploits0
NVD
NVD
added 2025/05/19 7:15 p.m.12 views

CVE-2025-47934

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

8.7CVSS0.00648EPSS
Exploits0References5
CVE
CVE
added 2025/05/19 6:57 p.m.249 views

CVE-2025-47934

OpenPGP.js CVE-2025-47934 affects versions prior to 5.11.3 and 6.1.1, where a maliciously modified message can cause openpgp.verify or openpgp.decrypt to return a valid signature verification while the data may not have been signed. This affects inline-signed messages and signed-and-encrypted mes...

8.7CVSS6.2AI score0.00648EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/19 6:57 p.m.52 views

CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

8.7CVSS0.00648EPSS
Exploits0References5
OSV
OSV
added 2025/05/19 6:57 p.m.7 views

CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

8.7CVSS8.5AI score0.00648EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/26 12:0 a.m.5 views

PT-2024-10797 · Unknown · Html2Markdown

Name of the Vulnerable Software and Affected Versions: HTML2Markdown versions all available versions Description: The issue concerns a Regular Expression Denial of Service ReDoS in the HTML2Markdown Javascript implementation, which is used for converting HTML to Markdown text. No known patches ar...

8.7CVSS6.7AI score0.00389EPSS
Exploits0References5
Debian
Debian
added 2023/11/25 10:33 p.m.28 views

[SECURITY] [DLA 3665-1] node-json5 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3665-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 25, 2023 https://wiki.debian.org/LTS -...

8.8CVSS8.8AI score0.09304EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/08/29 4:46 p.m.11 views

CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

4.3CVSS6.5AI score0.00309EPSS
Exploits1References2
Talos Blog
Talos Blog
added 2023/07/19 3:58 p.m.41 views

Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over

Since the beginning of July, Cisco Talos has published 40 vulnerability advisories affecting a range of software and hardware, including the Microsoft Edge browser. In our new series called "Vulnerability Roundup," well be recapping the vulnerabilities we recently disclosed to provide readers wit...

4.4CVSS9.3AI score0.01353EPSS
Exploits3
Rows per page
Query Builder