Lucene search
K

24 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions Relyra versions 1.0.0 through 1.1.0 Description Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.5AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43713

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 27.0 through 27.3.4.11 Erlang OTP versions prior to 28.5.0.1 Erlang OTP versions prior to 29.0.1 public key versions 1.16 through 1.17.1.2 public key versions prior to 1.20.3.1 public key versions prior to 1.21.1 Descriptio...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References33
CVE
CVE
added 2026/05/22 2:31 a.m.66 views

CVE-2026-39829

CVE-2026-39829 affects golang.org/x/crypto/ssh. The vulnerability arises because the RSA/DSA public key parsers did not enforce size limits on key parameters, allowing crafted keys with oversized modulus or DSA parameters to cause prolonged CPU use during signature verification. Affected behavior...

7.5CVSS5.8AI score0.004EPSS
Exploits0References27Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:51 p.m.6 views

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.13 views

PT-2026-28169

Name of the Vulnerable Software and Affected Versions Pay versions prior to 3.7.20 Description The verify wechat sign function in src/Functions.php does not properly validate signatures when the Host header in a PSR-7 request is set to localhost. This allows an attacker to bypass the RSA signatur...

8.6CVSS5.9AI score0.00503EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

sjcl 安全漏洞

sjcl is a deprecated JavaScript encryption library developed by bitwiseshiftleft. Sjcl has a security vulnerability, which stems from the lack of point-to-point verification in sjcl.ecc.basicKey.publicKey. This vulnerability could allow attackers to recover the victim’s ECDH private key by sendin...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/04 8:47 a.m.28 views

CVE-2026-27445 PGP Signature Reflection

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...

6.9CVSS0.00123EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/01/10 6:11 a.m.6 views

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS7.1AI score0.00077EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-23568

Malware in sbrugna...

7.5CVSS7.6AI score0.00672EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-38107

Malicious code in bioql PyPI...

7.4CVSS7.5AI score0.00596EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:34 a.m.13 views

CVE-2023-31580

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...

5.9CVSS6.7AI score0.0055EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:0 p.m.7 views

CVE-2021-36992

There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS6.9AI score0.00672EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.9 views

Do Not Preset known_hosts for the SSH Service

knownhosts stores the public keys of the computers that the host has accessed. After a user successfully logs in to another computer, the public key information is automatically saved in $HOME/.ssh/knownhosts. When the same computer is accessed next time, its public key is verified. If the...

6.7AI score
Exploits0References3
OSV
OSV
added 2025/02/07 12:0 p.m.7 views

RUSTSEC-2025-0006 Hickory DNS failure to verify self-signed RRSIG for DNSKEYs

Summary The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to...

7.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/10/25 6:17 p.m.7 views

CVE-2023-31580

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token...

5.9CVSS6.2AI score0.0055EPSS
Exploits1References3
Amazon
Amazon
added 2023/07/26 12:0 a.m.5 views

Medium: curl

Issue Overview: libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw risks inserting sensitive heap-based data into t...

7.5CVSS6.9AI score0.02489EPSS
Exploits3
NVD
NVD
added 2023/05/24 6:15 p.m.9 views

CVE-2023-33983

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

7.4CVSS7.4AI score0.00596EPSS
Exploits1References1
OSV
OSV
added 2023/05/24 6:15 p.m.5 views

CVE-2023-33983

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

7.4CVSS7.1AI score0.00596EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/24 12:0 a.m.11 views

CVE-2023-33983

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

6.9AI score0.00596EPSS
Exploits1References1
Rows per page
Query Builder