Lucene search
K

6398 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 1:47 p.m.9 views

CVE-2026-41509

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in cryptosignopen caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7...

6.9CVSS6AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-38965

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto sign open caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7...

6.9CVSS6AI score0.0034EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 4:16 a.m.19 views

CVE-2026-41669

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

8.2CVSS0.00191EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Ivanti EPMM 信任管理问题漏洞

Ivanti EPMM is a product developed by the American company Ivanti, designed to help IT departments establish policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained vulnerabilities related to trust management. These...

9.1CVSS5.8AI score0.00686EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38619

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAX BLOCK SIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while...

9.2CVSS5.7AI score0.00283EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...

6.5CVSS5.8AI score0.00237EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/06 11:15 p.m.6 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...

8.2CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 6:46 p.m.9 views

awslabs/tough Delegated Roles have a Signature Threshold Bypass

Summary Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegate...

7CVSS5.8AI score0.00262EPSS
Exploits0References8Affected Software2
RedHat Linux
RedHat Linux
added 2026/05/05 3:47 a.m.10 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

7.5CVSS5.8AI score0.00392EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7689

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References1
OSV
OSV
added 2026/05/02 1:16 a.m.17 views

CLSA-2026-1777545003 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS6.7AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 8:56 a.m.8 views

CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS6.7AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 8:51 a.m.9 views

CLSA-2026-1777539108 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS5.8AI score0.00302EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/29 9:56 p.m.8 views

Improper Verification of Cryptographic Signature

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of SAML signatures in the authentication and logout...

8.8CVSS5.8AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 12:30 a.m.9 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the cryptographic signature verification process. An attacker can cause the acceptance of tampered packages by intercepting network traffic or influencing the contents served to a...

8.2CVSS5.8AI score0.00124EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Ubuntu 24.04 LTS / 25.10 : .NET vulnerability (USN-8215-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8215-1 advisory. It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. ...

9.1CVSS5.9AI score0.11205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 9:15 p.m.30 views

CVE-2026-33467 Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

5.9CVSS0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/28 9:15 p.m.6 views

EUVD-2026-26140

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

5.9CVSS5.2AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/04/28 9:15 p.m.20 views

CVE-2026-33467

Elastic Package Registry is affected by CVE-2026-33467 due to improper verification of cryptographic signatures (CWE-347), enabling package integrity bypass for self-hosted deployments that sync from upstream. Affected versions: all up to and including 1.37.0. The issue can be exploited if an att...

5.9CVSS5.3AI score0.00124EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/28 1:19 p.m.4 views

CVE-2026-5435

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

7.3CVSS0.00197EPSS
Exploits0References2
Rows per page
Query Builder