CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 6 days ago•10 views

PT-2026-45019

Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...

6.1CVSS5.8AI score

Positive Technologies•added 2026/05/28 12:0 a.m.•4 views

PT-2026-44395

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References2

NVD•added 2026/05/27 6:16 p.m.•3 views

CVE-2025-67903

Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass...

5.3CVSS0.00025EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-44046

Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass...

5.8AI score0.00025EPSS

CVE•added 2026/05/27 12:0 a.m.•7 views

CVE-2025-67903

CVE-2025-67903 affects Northern.tech Mender Client 5 prior to 5.0.4. The vulnerability is a cryptographic signature verification bypass. The provided documents do not include details on the root cause, vulnerable components beyond the client, or a confirmed remediation/patch version. No exploitat...

5.3CVSS5.8AI score0.00025EPSS

Github Security Blog•added 2026/05/26 11:38 p.m.•9 views

Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received. Details The vulnerability essentially boils down t...

5.7AI score

Exploits0References3Affected Software1

OSV•added 2026/05/26 11:38 p.m.•2 views

GHSA-9RFG-V8G9-9367 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

7CVSS5.7AI score

CVE•added 2026/05/26 9:4 p.m.•8 views

CVE-2026-44900

CVE-2026-44900 affects epa4all-client (Java client for epa4all / ePA 3.0). The root cause is in SignedPublicKeysTrustValidatorImpl.isTrusted(): the ECDSA verification step discards the boolean result from Signature.verify(), performing certificate chain validation, OCSP check, and signature algor...

8.1CVSS5.8AI score0.00006EPSS

Vulnrichment•added 2026/05/26 9:4 p.m.•5 views

CVE-2026-44900 epa4all-client: VAU Signature bypass

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00006EPSS

OSV•added 2026/05/22 7:14 a.m.•2 views

CLSA-2026-1779434064 libdnf: Fix of CVE-2021-3445

CVE-2021-3445: fix signature verification bypass via signature placed in the main RPM header...

7.5CVSS7.3AI score0.00038EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в samba

A flaw was discovered in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it, an attacker could replace the later fragments with their own data, thereby bypassing the signature requirements...

7.5CVSS7.2AI score0.00106EPSS

RedhatCVE•added 2026/05/18 1:58 p.m.•6 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

RedHat Linux•added 2026/05/18 12:24 p.m.•13 views

Exploits0References1

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

6.3CVSS5.8AI score0.00013EPSS

Exploits0References5

EUVD•added 2026/05/17 12:31 a.m.•7 views

EUVD-2026-30673

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

Tenable Nessus•added 2026/05/17 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash. CVE-2026-46728 Note that Nessus...

OSV•added 2026/05/16 10:16 p.m.•2 views

DEBIAN-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

NVD•added 2026/05/16 10:16 p.m.•7 views

Exploits0References1

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS0.00004EPSS