6 matches found
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
Open Policy Agent 安全漏洞
Open Policy Agent OPA is an open-source, general-purpose policy engine from Open Policy Agent Open Source that enables unified, context-aware policy enforcement across the stack. A security vulnerability exists in Open Policy Agent versions prior to 1.4.0, which stems from an HTTP Data API that...
dav1d Input Validation Error Vulnerability
dav1d is an AV1 cross-platform decoder from the individual developers at Void². A security vulnerability exists in dav1d versions prior to 1.4.0, which stems from an integer overflow vulnerability in the AV1 decoder...
CloudExplorer Lite 信息泄露漏洞
CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. An information disclosure...
PT-2023-20052 · Knime · Knime Business Hub
Name of the Vulnerable Software and Affected Versions: KNIME Business Hub versions prior to 1.4.0 Description: The issue allows an unauthenticated remote attacker to access internal information about the application, such as versions, host names, or IP addresses. No personal information or...
PT-2019-14031
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.4.0 Description The issue is related to how Roundcube Webmail handles Punycode xn-- domain names, which can lead to homograph attacks. Recommendations For versions prior to 1.4.0, update to version 1.4.0 o...