Lucene search
K

986 matches found

NVD
NVD
added 12 hours ago3 views

CVE-2026-22097

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago77 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.6AI score0.0203EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42958

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer iss but not the audience aud claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted ...

4.2CVSS6.1AI score0.00112EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-54799

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS0.00127EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42594

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS6.3AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-54799

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS0.00127EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-54799

The CVE-2026-54799 entry describes a vulnerability in the firmware update signature validation for CPCI85 Central Processing/Communication (all versions < V26.20) and SICORE Base system (all versions

8.4CVSS6.3AI score0.00127EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 1:56 a.m.26 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System

Summary Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to...

8.8CVSS7.7AI score0.01163EPSS
Exploits0Affected Software2
Ivanti
Ivanti
added 2026/07/03 11:45 a.m.16 views

SAML 2.0 SP signature validation behaviour from ICS 25.1.3.0

Last Modified Date Jul 3, 2026 11:45:26 AM...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:45 p.m.6 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 7:18 a.m.7 views

CVE-2026-40941

A flaw was found in Cacti, an open-source performance and fault management framework. This vulnerability allows a remote attacker to bypass the package import signature validation. By exploiting this flaw, an attacker can import self-signed packages, potentially leading to the execution of...

8.8CVSS6AI score0.00159EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2026/06/26 3:3 a.m.12 views

K000161919: BIND vulnerability CVE-2026-5947

Security Advisory Description Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as...

7.5CVSS5.8AI score0.01387EPSS
Exploits0
OSV
OSV
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40941

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

6.5CVSS5.7AI score0.00159EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 11:1 p.m.21 views

CVE-2026-40941

CVE-2026-40941 affects Cacti up to version 1.2.30 and is caused by a package import signature validation bypass that allows the use of self-signed packages. The issue has been fixed in version 1.2.31. Affected software is Cacti (open source performance and fault management framework). Remediation...

7.1CVSS5.7AI score0.00159EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 8:58 p.m.13 views

CVE-2026-46423

Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 contains a SAML SP issue where the verifySignatures routine returns early if serviceProviderOptions.cert is falsy, causing silent skip of SAML Response and Assertion signature validation when the IdP certi...

9.3CVSS5.9AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52171

Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...

6.1AI score0.0018EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:0 p.m.4 views

CVE-2026-55599

phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access AIA extension and connects to it...

5.8CVSS5.9AI score0.00133EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing...

5.9CVSS6.2AI score0.00403EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/09 12:0 a.m.5 views

Information Exposure

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Information Exposure via SAML message decryption prior to signature validation. An attacker can use the Service Provid...

6.3CVSS5.4AI score0.00137EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41669

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

8.2CVSS5.3AI score0.00191EPSS
Exploits0References1
Rows per page
Query Builder