388 matches found
BIT-MASTODON-2026-48028 Mastodon: Removal of integrity-protected JSON entries from signed activities
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...
EUVD-2026-32861
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM...
CVE-2026-48028
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...
CVE-2026-46349
CVE-2026-46349 affects Mastodon before versions 4.5.10, 4.4.17, and 4.3.23. The issue arises from Mastodon’s normalization of incoming activities signed with Linked-Data Signatures, which does not sufficiently prevent a class of spoofing. An attacker could re-arrange a valid signed JSON-LD activi...
USN-8452-1: pbkdf2 vulnerability
Nikita Skovoroda discovered that pbkdf2 did not properly validate certain algorithm names. An attacker could possibly use this issue to generate predictable cryptographic keys, resulting in signature spoofing...
CVE-2026-47074
Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...
Security update for hplip
This update for hplip fixes the following issues Security issues: CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. CVE-2026-8631: escalation of privileges and/or arbitrary code execution via an...
CVE-2026-47074
Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...
CVE-2026-47074
Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...
CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1
Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...
CVE-2026-47074
CVE-2026-47074 describes an improper certificate validation in the Elixir ExAws SNS integration. The function ExAws.SNS:verify_message/1 fetches the SigningCertURL from an incoming SNS message without enforcing HTTPS usage or AWS-owned domain binding, allowing an attacker to supply a self-chosen ...
EEF-CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1
Summary Improper Certificate Validation vulnerability in ex-aws ex\aws\sns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/ex\aws/sns.ex, lib/ex\aws/sns/public\key\cache.ex and program routines...
PT-2026-44365
Name of the Vulnerable Software and Affected Versions ex aws sns versions 2.0.1 through 2.3.4 Description Improper Certificate Validation in the ExAws.SNS and ExAws.SNS.PublicKeyCache modules allows for signature spoofing. The function verify message fetches the signing certificate from the...
Astra Linux – Vulnerability in LibreOffice
In the affected versions of LibreOffice, a flaw in the verification code for adbe.pkcs7.sha1 signatures may allow invalid signatures to be accepted as valid. This issue affects LibreOffice versions starting from 24.8 before 24.8.6, and from 25.2 before 25.2.2...
CVE-2026-29138
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
CVE-2026-27445
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...
CVE-2026-2748
SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing...
EUVD-2026-9385
SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing...
EUVD-2026-9381
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...
CVE-2026-2748
SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing...