Lucene search
K

6387 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in nss, Thunderbird

Versions of NSS Network Security Services prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to handle signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be affected. Applications that...

9.8CVSS7.1AI score0.17563EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in mbedtls

In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...

5.3CVSS6AI score0.01773EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures...

6.5CVSS6.6AI score0.00831EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in bind9

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...

7.5CVSS7.5AI score0.02299EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:52 p.m.7 views

CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions Relyra versions 1.0.0 through 1.1.0 Description Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References9
NVD
NVD
added 2026/06/12 7:16 p.m.19 views

CVE-2026-50108

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

8.7CVSS0.00306EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:3 p.m.11 views

EUVD-2026-36525

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS5.4AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:25 p.m.10 views

OESA-2026-2637 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

5.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48953

Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow platform affected versions not specified Description A flaw in the onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to...

8.8CVSS5.3AI score0.00312EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48733

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions 2.0.0 through 78.13.0 Cloud Foundry CF Deployment versions prior to 56.1.0 Description Cloud Foundry UAA incorrectly treats XML encryption to the Service Provider as a substitute for XML signatures from the Identity...

9CVSS5.2AI score0.00131EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.23 views

Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞

Cloud Foundry UAA is an identity verification and management service terminal developed by the Cloud Foundry Foundation in the United States, and it is used on the CloudFoundry platform. CloudFoundry CF Deployment is a code deployment component provided by the Cloud Foundry Foundation. Versions o...

9CVSS5.4AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.10 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS5.5AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

National Security Agency Ghidra 数据伪造问题漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a data manipulation vulnerability. This vulnerability stemmed from the PKIAuthenticationModule.authenticat...

8.8CVSS5.3AI score0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.13 views

CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

7.8CVSS0.00097EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:10 p.m.12 views

EUVD-2026-35791

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

7.8CVSS6AI score0.00097EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.11 views

node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...

7.5CVSS5.5AI score0.00348EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

bookcars 安全漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the lack of encryption signature verification in the validateAccessToken function, which may allow attackers to bypass authentication...

9.8CVSS5.3AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48216

Name of the Vulnerable Software and Affected Versions Spyrus WTGCreator version 4.2 Baramundi Management Suite versions prior to 2024R1 WhiteCanyon WipeDrive versions 8.0.0 through 8.1.3 Finland Matriculation Exam Abitti 1 version 1.0.0 NTC IT Rosa versions R9 and R10 PC-Doctor Service Center...

7.8CVSS5.9AI score0.00097EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.8 views

CVE-2026-45557

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

6.9CVSS5.5AI score0.00389EPSS
Exploits0References1
Rows per page
Query Builder