Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/03/27 8:47 p.m.27 views

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS0.00348EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.2 views

Open Policy Agent 安全漏洞

Open Policy Agent OPA is an open-source, general-purpose policy engine from Open Policy Agent Open Source that enables unified, context-aware policy enforcement across the stack. A security vulnerability exists in Open Policy Agent versions prior to 1.4.0, which stems from an HTTP Data API that...

7.4CVSS8AI score0.0036EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/19 12:0 a.m.3 views

dav1d Input Validation Error Vulnerability

dav1d is an AV1 cross-platform decoder from the individual developers at Void². A security vulnerability exists in dav1d versions prior to 1.4.0, which stems from an integer overflow vulnerability in the AV1 decoder...

8.8CVSS7AI score0.01835EPSS
Exploits0References18
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.6 views

CloudExplorer Lite 信息泄露漏洞

CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. An information disclosure...

7.5CVSS5.3AI score0.0063EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.4 views

PT-2023-20052 · Knime · Knime Business Hub

Name of the Vulnerable Software and Affected Versions: KNIME Business Hub versions prior to 1.4.0 Description: The issue allows an unauthenticated remote attacker to access internal information about the application, such as versions, host names, or IP addresses. No personal information or...

5.3CVSS7.2AI score0.00642EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.2 views

PT-2019-14031

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.4.0 Description The issue is related to how Roundcube Webmail handles Punycode xn-- domain names, which can lead to homograph attacks. Recommendations For versions prior to 1.4.0, update to version 1.4.0 o...

9.3CVSS7.1AI score0.5281EPSS
Exploits6References21
Rows per page
Query Builder