570 matches found

OSV
added 2026/02/26 3:0 p.m., 3 views

CVE-2026-26078 Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreon_webhook_secret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...

CVSS 7.5, AI score 6, EPSS 0.00057
Exploits: 0, References: 3
CNNVD
added 2026/02/26 12:0 a.m., 4 views

Discourse Security Vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contained security vulnerabilities. These vulnerabilities...

CVSS 7.5, AI score 5.8, EPSS 0.00057
Exploits: 0, References: 1
Positive Technologies
added 2026/02/26 12:0 a.m., 4 views

PT-2026-22153

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2025.12.2; Discourse versions prior to 2026.1.1; Discourse versions prior to 2026.2.0. Description: Discourse, an open source discussion platform, is susceptible to a security issue. When the patreon webhook secret site...

CVSS 7.5, AI score 5.8, EPSS 0.00057
Exploits: 0, References: 9
EUVD
added 2026/02/25 6:31 p.m., 3 views

EUVD-2026-8680

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

AI score 5.5, EPSS 0.00076
Exploits: 0, References: 4
OSV
added 2026/02/25 6:31 p.m., 4 views

GHSA-XJHR-FM27-4HMX OpenFUN Richie Observable Timing Discrepancy in its sync_course_run_from_request function

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

CVSS 4.8, AI score 5.7, EPSS 0.00076
Exploits: 0, References: 5
CVE
added 2026/02/25 6:10 p.m., 9 views

CVE-2026-24890

OpenEMR prior to 8.0.0 contains an Authorization bypass in the patient portal signature endpoint that lets authenticated portal users forge provider signatures by setting type=admin-signature and targeting any provider user ID. This could enable signature forgery on medical documents, with possib...

CVSS 8.1, AI score 5.6, EPSS 0.00102
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/02/25 6:10 p.m., 2 views

CVE-2026-24890 OpenEMR Portal Users Can Forge Provider Signatures

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting...

CVSS 8.1, AI score 5.9, EPSS 0.00102
Exploits: 1, References: 2
ATTACKERKB
added 2026/02/25 6:10 p.m., 2 views

CVE-2026-24890

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting...

CVSS 8.1, AI score 5.8, EPSS 0.00102
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/02/25 6:10 p.m., 17 views

CVE-2026-24890 OpenEMR Portal Users Can Forge Provider Signatures

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting...

CVSS 8.1, EPSS 0.00102
Exploits: 1, References: 2
OSV
added 2026/02/25 6:10 p.m., 2 views

CVE-2026-24890 OpenEMR Portal Users Can Forge Provider Signatures

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting...

CVSS 8.1, AI score 5.7, EPSS 0.00102
Exploits: 1, References: 4
NVD
added 2026/02/25 5:25 p.m., 6 views

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

CVSS 4.8, EPSS 0.00076
Exploits: 0, References: 3
OSV
added 2026/02/25 5:25 p.m., 4 views

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

CVSS 4.8, AI score 6, EPSS 0.00076
Exploits: 0, References: 3
CVE
added 2026/02/25 3:47 p.m., 5 views

CVE-2026-22866

The CVE describes a critical flaw in Ethereum Name Service (ENS) contracts prior to 1.6.2 where RSASHA256Algorithm and RSASHA1Algorithm fail to properly validate PKCS#1 v1.5 padding, checking only the trailing hash instead of full padding. This enables Bleichenbacher-style signature forgery again...

CVSS 7.5, AI score 5.5, EPSS 0.00016
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/02/25 12:0 a.m., 9 views

CVE-2026-26717

OpenFUN Richie (LMS) is affected. The issue is in src/richie/apps/courses/api.py: sync_course_run_from_request uses a non-constant time == operator for HMAC signature verification, enabling timing-based forgery of valid signatures and authentication bypass. Documented in Red Hat/Snyk advisories w...

CVSS 4.8, AI score 5.5, EPSS 0.00076
Exploits: 0, References: 3
Vulnrichment
added 2026/02/25 12:0 a.m., 2 views

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

AI score 5.5, EPSS 0.00076
Exploits: 0, References: 3
Positive Technologies
added 2026/02/25 12:0 a.m., 3 views

PT-2026-21973

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. An authorization bypass in the patient portal signature endpoint allows authenticated portal users to upload and...

CVSS 8.1, AI score 5.3, EPSS 0.00102
Exploits: 1, References: 7
Positive Technologies
added 2026/02/25 12:0 a.m., 4 views

PT-2026-21958

Name of the Vulnerable Software and Affected Versions: OpenFUN Richie LMS, affected versions not specified. Description: The application uses a non-constant time comparison operator for HMAC signature verification within the sync course run from request function, located in...

CVSS 4.8, AI score 5.9, EPSS 0.00076
Exploits: 0, References: 9
CNNVD
added 2026/02/25 12:0 a.m., 3 views

ENS Data Forgery Vulnerability

ENS is an open-source Ethereum domain name service, involving both registrars and local resolvers. Versions of ENS 1.6.2 and earlier had a vulnerability related to data manipulation. This vulnerability stemmed from the lack of verification of the PKCS1 v1.5 padding structure during RSA signature...

CVSS 7.5, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 4
ATTACKERKB
added 2026/02/25 12:0 a.m., 3 views

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

CVSS 4.8, AI score 5.5, EPSS 0.00076
Exploits: 0, References: 4
CNNVD
added 2026/02/25 12:0 a.m., 4 views

Richie Security Vulnerability

Richie is an open-source educational content management system developed by France Université Numérique. Richie has a security vulnerability. This vulnerability stems from the use of the non-constant time == operator in the sync_course_run_from_request function for HMAC signature verification. This...

CVSS 4.8, AI score 5.8, EPSS 0.00076
Exploits: 0, References: 3