Lucene search
+L

261 matches found

nvd
nvd
added 11 hours ago6 views

CVE-2026-15013

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS
Exploits0References7
cvelist
cvelist
added 12 hours ago17 views

CVE-2026-15013 SAML Single Sign On <= 5.4.3 - Unauthenticated Authentication Bypass via 'SAMLResponse' Parameter Signature Algorithm Confusion

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS
Exploits0References7
attackerkb
attackerkb
added 12 hours ago2 views

CVE-2026-15013

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS6AI score
Exploits0References8
euvd
euvd
added 12 hours ago4 views

EUVD-2026-44866

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS6AI score
Exploits0References7
cve
cve
added 2 days ago21 views

CVE-2026-48747

Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...

6.3CVSS6.1AI score0.00237EPSS
Exploits0References4Affected Software1
redhatcve
redhatcve
added 2 days ago7 views

CVE-2026-50722

A flaw was found in Libreswan's implementation of IKEv2 authentication when processing signatures utilizing the RSASSA-PKCS1-v15 scheme. The RSAauthenticatehashsignaturepkcs115rsa function does not correctly validate the DER encoding of the ASN.1 digest. A remote, unauthenticated attacker could...

8.1CVSS6.1AI score0.00352EPSS
Exploits0References7
fedora
fedora
added 4 days ago9 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.22-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
fedora
fedora
added 4 days ago7 views

[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
nvd
nvd
added 2026/07/05 2:17 a.m.15 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS0.00508EPSS
Exploits0References4
osv
osv
added 2026/07/05 2:17 a.m.6 views

DEBIAN-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/05 12:0 a.m.16 views

PT-2026-55751

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References10
nessus
nessus
added 2026/06/30 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-6325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

7.5CVSS6.1AI score0.00175EPSS
Exploits0References3
fedora
fedora
added 2026/06/24 1:33 a.m.10 views

[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.21-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

9.1CVSS5.7AI score0.00289EPSS
Exploits0
fedora
fedora
added 2026/06/24 1:30 a.m.8 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.21-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

9.1CVSS5.7AI score0.00289EPSS
Exploits0
euvd
euvd
added 2026/06/16 12:34 a.m.12 views

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

5.2AI score0.00289EPSS
Exploits0References4
cve
cve
added 2026/06/15 9:57 p.m.23 views

CVE-2026-12205

Crypt::DSA for Perl versions before 1.21 reuse the per-signature nonce across signatures because the sign() function caches nonce data in the Key object and does not clear it. The first sign() selects a nonce and later signs reuse that nonce, producing identical r values, enabling potential priva...

9.1CVSS5.2AI score0.00289EPSS
Exploits0References3
osv
osv
added 2026/06/15 5:32 p.m.7 views

GHSA-RRJ9-5Q2J-4GVR Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...

6.3CVSS5.5AI score0.00237EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.15 views

PT-2026-49531

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.21 Description The software reuses the nonce across signatures, which can lead to the recovery of the private key. The sign function in the Crypt::DSA::sign module caches the per-signature nonce material within t...

5.3AI score0.00289EPSS
Exploits0References5
opensuse
opensuse
added 2026/06/03 12:0 a.m.9 views

Security update for ovmf (important)

openSUSE security update: security update for ovmf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20875-1 Rating: important References: bsc1261469 bsc1261476 bsc1261477 bsc1261478 Cross-References: CVE-2026-25833 CVE-2026-25834 CVE-2026-25835...

8.7CVSS6AI score0.00308EPSS
Exploits0References4
osv
osv
added 2026/06/02 9:33 a.m.8 views

SUSE-SU-2026:22016-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...

7.7CVSS5.6AI score0.00308EPSS
Exploits0References9
Rows per page
Query Builder