Lucene search
K

132 matches found

OSV
OSV
added 2026/01/22 3:15 a.m.4 views

DEBIAN-CVE-2026-23991

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...

7.5CVSS8.3AI score0.0053EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 2:20 a.m.25 views

CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

5.9CVSS0.00196EPSS
Exploits0References2
OSV
OSV
added 2026/01/21 4:19 p.m.2 views

GHSA-846P-JG2W-W324 go-tuf affected by client DoS via malformed server response

Security Disclosure: Client DoS via malformed server response Summary If the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a DoS. The panic happens before any signature is validated...

5.9CVSS5.6AI score0.0053EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : rpm-4.14.3-14.el8 (AXSA:2021-2180:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2180:05 advisory. rpm: Signature checks bypass via corrupted rpm package CVE-2021-20271 Tenable has extracted the preceding description block directly from the MiracleLinux...

7CVSS7.5AI score0.00827EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.9 views

PT-2026-3903

Name of the Vulnerable Software and Affected Versions go-tuf versions 2.0.0 through 2.3.0 Description go-tuf, a Go implementation of The Update Framework TUF, is susceptible to a denial of service. When processing TUF metadata, versions prior to 2.3.1 may panic if invalid JSON is received from th...

7.5CVSS5.2AI score0.0053EPSS
Exploits0References357
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.7 views

CVE-2022-23334

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...

9.8CVSS7.5AI score0.00413EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-11773

Malware in sbrugna...

6.5CVSS7AI score0.01902EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7568

Malware in sbrugna...

9.3CVSS8AI score0.01948EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-28003

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00459EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-28414

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00413EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31754

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00418EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/09/30 12:0 a.m.3 views

CVE-2025-56513

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...

7.8AI score0.00418EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-16852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itsel...

8.1CVSS7.5AI score0.01105EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/21 9:30 a.m.11 views

Mattermost Fails to Validate File Paths

Mattermost versions 10.9.x = 10.9.1, 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin...

6.8CVSS7AI score0.00461EPSS
Exploits0References4Affected Software4
Redos
Redos
added 2025/08/18 12:0 a.m.5 views

ROS-20250818-03

Vulnerability of phpseclib cryptographic protocol library is related to incorrect processing of RSA PKCS1 signature verification. of RSA PKCS1 signatures. Exploitation of the vulnerability could allow an attacker acting remotely, to compromise the target system. A vulnerability in the phpseclib...

7.5CVSS7.3AI score0.01055EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-14365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf...

7.1CVSS7.9AI score0.00233EPSS
Exploits0References2
OSV
OSV
added 2024/08/23 9:15 a.m.4 views

UBUNTU-CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

6.3CVSS5.8AI score0.00123EPSS
Exploits0References3
OSV
OSV
added 2024/08/21 4:3 p.m.13 views

GO-2022-0989 Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite

Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite...

7.3CVSS5.9AI score0.00307EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/07/23 9:39 a.m.683 views

Exploit for Authentication Bypass by Spoofing in Apache Cloudstack

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

8.1CVSS8.4AI score0.1776EPSS
Exploits1
CNNVD
CNNVD
added 2024/07/19 12:0 a.m.6 views

Apache CloudStack 安全漏洞

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. A security bypass vulnerability exists in Apache CloudStack that stem...

8.1CVSS7AI score0.1776EPSS
Exploits1References7
Rows per page
Query Builder