Lucene search
K

14109 matches found

NVD
NVD
added 1 hour ago3 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-59955 Apollo ConfigService access key authentication bypass via raw config file appId parsing

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added 7 hours ago3 views

CVE-2026-61436 PraisonAI before 4.6.78 Missing Webhook Signature Verification

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS
Exploits0References4
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-44642

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS6.2AI score
Exploits0References4
Nuclei
Nuclei
added 13 hours ago168 views

MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS7AI score0.02421EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago82 views

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...

9.3CVSS6.1AI score0.01223EPSS
Exploits1References1
Nuclei
Nuclei
added 13 hours ago80 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.6AI score0.0203EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday23 views

CVE-2026-61520 Simple Machines Forum SSRF via image proxy

Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...

7.7CVSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-48747

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hashhmac, allowing a signature...

6.3CVSS0.00018EPSS
Exploits0References4
NVD
NVD
added yesterday2 views

CVE-2026-47212

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse received the configured webhook secret but ignored the X-Twilio-Signature HMAC header, allowing unauthenticated POST requests to inje...

6.9CVSS0.00026EPSS
Exploits0References5
NVD
NVD
added yesterday4 views

CVE-2026-47304

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-45755

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS0.00026EPSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-45075

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped IsGranted, IsSignatureValid, and IsCsrfTokenValid attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the...

8.3CVSS0.00052EPSS
Exploits0References3
CVE
CVE
added yesterday20 views

CVE-2026-48747

Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...

6.3CVSS6.1AI score0.00018EPSS
Exploits0References4Affected Software1
CVE
CVE
added yesterday24 views

CVE-2026-47212

Symfony’s Twilio Notifier Bridge contains a vulnerability in TwilioRequestParser::doParse() where the configured webhook secret is read but the X-Twilio-Signature verification is ignored, allowing unauthenticated POSTs to inject forged Twilio status payloads. Affected releases: Symfony before 6.4...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References5Affected Software1
CVE
CVE
added yesterday12 views

CVE-2026-45755

The CVE-2026-45755 issue affects Symfony’s Mailtrap Mailer Bridge (package symfony/mailtrap-mailer). The MailtrapRequestParser::doParse() method accepts the webhook payload using a configured secret but does not verify the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to forg...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References4Affected Software1
CVE
CVE
added yesterday85 views

CVE-2026-45075

Summary : Symfony's GET-only method checks in #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] can be bypassed by HEAD requests, causing header leakage and potential side effects as HEAD is routed to the GET handler. This affects Symfony framework versions prior to 7.4.12 and 8.0.12. Im...

8.3CVSS6.2AI score0.00052EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-48758

A flaw was found in the @sigstore/core component. The preAuthEncoding function incorrectly uses Node.js 'ascii' encoding when converting Pre-Authentication Encoding PAE strings to bytes. This encoding truncates Unicode characters to their low byte, allowing an attacker to substitute characters in...

5.4CVSS6AI score
Exploits0References4
Microsoft CVE
Microsoft CVE
added yesterday4 views

.NET Security Feature Bypass Vulnerability

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-50722

A flaw was found in Libreswan's implementation of IKEv2 authentication when processing signatures utilizing the RSASSA-PKCS1-v15 scheme. The RSAauthenticatehashsignaturepkcs115rsa function does not correctly validate the DER encoding of the ASN.1 digest. A remote, unauthenticated attacker could...

8.1CVSS6.1AI score0.00352EPSS
Exploits0References7
Rows per page
Query Builder