192 matches found

CVE
added 6 days ago, 14 views

CVE-2026-13165

SzafirHost is affected by a remote code execution vulnerability (CVE-2026-13165) in the way it validates versus extracts native libraries from archives. The application verifies the downloaded native library archive using JarFile (Central Directory) but extracts libraries with JarInputStream (seq...

CVSS 8.6, AI score 6, EPSS 0.00418
Exploits 0, References 2
OSV
added 6 days ago, 5 views

PYSEC-2026-287 Authlib JWS JWK Header Injection: Signature Verification Bypass

Description Summary A JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic...

CVSS 9.1, AI score 7.4, EPSS 0.00548
Exploits 1, References 7
Cvelist
added 2026/06/25 8:57 p.m., 22 views

CVE-2026-11800 Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

CVSS 8.1, EPSS 0.00181
Exploits 0, References 4
RedHat Linux
added 2026/06/25 6:47 p.m., 6 views

org.keycloak:keycloak-services: Keycloak: Authentication bypass via JWT algorithm confusion

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

CVSS 8.1, AI score 5.8, EPSS 0.00181
Exploits 0, References 4
ATTACKERKB
added 2026/06/24 7:48 p.m., 13 views

CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

CVSS 5.3, AI score 5.9, EPSS 0.00129
Exploits 0, References 2, Affected Software 1
AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in Perl

CPAN 2.28 allows for Signature Verification Bypass...

CVSS 7.8, AI score 7.5, EPSS 0.00791
Exploits 1, References 2
CNNVD
added 2026/06/11 12:00 a.m., 12 views

WordPress plugin UpdraftPlus: WP Backup & Migration Plugin data forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. One...

CVSS 8.1, AI score 6.6, EPSS 0.03578
Exploits 3, References 1
CNNVD
added 2026/05/27 12:00 a.m., 11 views

Northern.tech Mender Client security vulnerability

The Northern.tech Mender Client is a device remote update and management client provided by the Northern.tech company in the United States. Versions of the Northern.tech Mender Client prior to version 5.0.4 contained security vulnerabilities, which were caused by bypassing encryption signature...

CVSS 5.3, AI score 5.8, EPSS 0.00183
Exploits 0, References 3
Cvelist
added 2026/05/16 9:26 p.m., 40 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CVSS 8.2, EPSS 0.00126
Exploits 0, References 2
Positive Technologies
added 2026/05/16 12:00 a.m., 19 views

PT-2026-41468

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2026.04 Description Das U-Boot allows a Flat Image Tree FIT signature verification bypass. This occurs because hashed-nodes are omitted from a hash, which can lead to the acceptance of unsigned or modified images...

CVSS 8.2, AI score 5.8, EPSS 0.00126
Exploits 0, References 5
RedHat Linux
added 2026/05/14 4:55 p.m., 13 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

CVSS 7.5, AI score 7.1, EPSS 0.00392
Exploits 0, References 5
CNNVD
added 2026/05/08 12:00 a.m., 8 views

plunk data forgery vulnerability

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.9.0 contained a data manipulation vulnerability. This vulnerability stems from the /webhooks/sns endpoint accepting Amazon SNS notification payloads without verifying the SNS signature,...

CVSS 9.1, AI score 5.7, EPSS 0.00127
Exploits 0, References 1
RedHat Linux
added 2026/05/06 5:59 p.m., 9 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

CVSS 7.5, AI score 5.8, EPSS 0.00392
Exploits 0, References 5
RedHat Linux
added 2026/05/06 5:58 p.m., 7 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

CVSS 7.5, AI score 5.8, EPSS 0.00392
Exploits 0, References 5
RedHat Linux
added 2026/05/05 7:56 a.m., 8 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

CVSS 7.5, AI score 5.8, EPSS 0.00392
Exploits 0, References 5
Snyk
added 2026/05/03 12:30 p.m., 7 views

Insufficient Verification of Data Authenticity

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the dolverifyHash function of the Online Signature Module. An attacker can bypass signature verificati...

CVSS 6.3, AI score 5.8, EPSS 0.00145
Exploits 0, References 2
Vulnrichment
added 2026/04/28 6:09 p.m., 4 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

CVSS 8.2, AI score 5.2, EPSS 0.00149
Exploits 0, References 2
Github Security Blog
added 2026/04/24 3:43 p.m., 41 views

New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

Summary A critical vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without making any payment. The vulnerability stems from three compounding flaws: 1. The Stripe webhook endpoint does n...

CVSS 8.2, AI score 5.9, EPSS 0.00259
Exploits 1, References 6, Affected Software 1
Vulnrichment
added 2026/04/20 11:08 p.m., 3 views

CVE-2026-41301 OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass

OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...

CVSS 6.9, AI score 5.8, EPSS 0.00253
Exploits 0, References 3
EUVD
added 2026/04/20 11:08 p.m., 8 views

EUVD-2026-24010

OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...

CVSS 6.9, AI score 5.8, EPSS 0.00253
Exploits 0, References 3