Lucene search
K

388 matches found

OSV
OSV
added 2026/07/06 5:55 a.m.3 views

BIT-MASTODON-2026-48028 Mastodon: Removal of integrity-protected JSON entries from signed activities

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5CVSS6AI score0.00124EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 9:57 p.m.17 views

EUVD-2026-32861

Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 8:16 p.m.6 views

CVE-2026-48028

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5CVSS0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 7:40 p.m.16 views

CVE-2026-46349

CVE-2026-46349 affects Mastodon before versions 4.5.10, 4.4.17, and 4.3.23. The issue arises from Mastodon’s normalization of incoming activities signed with Linked-Data Signatures, which does not sufficiently prevent a class of spoofing. An attacker could re-arrange a valid signed JSON-LD activi...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/18 4:30 p.m.16 views

USN-8452-1: pbkdf2 vulnerability

Nikita Skovoroda discovered that pbkdf2 did not properly validate certain algorithm names. An attacker could possibly use this issue to generate predictable cryptographic keys, resulting in signature spoofing...

9.1CVSS5.4AI score0.00359EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7CVSS5.5AI score0.00226EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/06/02 8:40 a.m.11 views

Security update for hplip

This update for hplip fixes the following issues Security issues: CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an...

9.8CVSS6.5AI score0.01333EPSS
Exploits0References22
NVD
NVD
added 2026/05/28 10:16 a.m.20 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7CVSS0.00226EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:5 a.m.24 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 9:5 a.m.15 views

CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 9:5 a.m.21 views

CVE-2026-47074

CVE-2026-47074 describes an improper certificate validation in the Elixir ExAws SNS integration. The function ExAws.SNS:verify_message/1 fetches the SigningCertURL from an incoming SNS message without enforcing HTTPS usage or AWS-owned domain binding, allowing an attacker to supply a self-chosen ...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 9:5 a.m.16 views

EEF-CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1

Summary Improper Certificate Validation vulnerability in ex-aws ex\aws\sns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/ex\aws/sns.ex, lib/ex\aws/sns/public\key\cache.ex and program routines...

8.7CVSS6.1AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44365

Name of the Vulnerable Software and Affected Versions ex aws sns versions 2.0.1 through 2.3.4 Description Improper Certificate Validation in the ExAws.SNS and ExAws.SNS.PublicKeyCache modules allows for signature spoofing. The function verify message fetches the signing certificate from the...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in LibreOffice

In the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures may allow invalid signatures to be accepted as valid. This issue affects LibreOffice versions starting from 24.8 before 24.8.6, and from 25.2 before 25.2.2...

5.5CVSS6.4AI score0.00096EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 10:58 a.m.6 views

CVE-2026-29138

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...

7.5CVSS5.9AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:40 p.m.8 views

CVE-2026-27445

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:39 p.m.8 views

CVE-2026-2748

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 9:31 a.m.8 views

EUVD-2026-9385

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/04 9:31 a.m.5 views

EUVD-2026-9381

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 9:15 a.m.7 views

CVE-2026-2748

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing...

7.8CVSS0.0012EPSS
Exploits0References1
Rows per page
Query Builder