
6386 matches found

Snyk
added 2026/05/21 5:42 p.m. | 10 views

Cleartext Storage of Sensitive Information

Overview sagemaker-serve is a SageMaker Serve package for model serving and deployment Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing the SageMaker...

9.1 CVSS | 6.2 AI score | 0.00439 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/05/21 5:42 p.m. | 9 views

Cleartext Storage of Sensitive Information

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing...

9.1 CVSS | 6.2 AI score | 0.00439 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/21 9:27 a.m. | 10 views

EUVD-2026-31260

Concurrency and locking defects in GSS-TSIG...

5.9 CVSS | 5.8 AI score | 0.00264 EPSS
Exploits: 0 | References: 1
OSV
added 2026/05/20 1:22 a.m. | 7 views

MAL-2026-4643 Malicious code in polymarket-clob-client (npm)

Source: amazon-inspector 7e0a3a7bbeb25fb478d59cdd4b62ebb34c13e8e236505813660e81abf61e74ec The package is published as polymarket-clob-client, an unscoped lookalike of the legitimate @polymarket/clob-client maintained by Polymarket, but the...

5.9 AI score
Exploits: 0 | References: 1
CNNVD
added 2026/05/20 12:0 a.m. | 12 views

Nimiq Code Issue Vulnerability

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier have code vulnerabilities. These vulnerabilities stem from the network discovery process, which accepts signature updates from untrusted peer nodes. When PeerContact contains an empty...

4.3 CVSS | 5.9 AI score | 0.00302 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2026/05/19 8:4 p.m. | 13 views

Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...

5.9 AI score | 0.0003 EPSS
Exploits: 0 | References: 9 | Affected Software: 2
Github Security Blog
added 2026/05/19 4:18 p.m. | 48 views

libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

5.8 AI score
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2026/05/19 3:16 p.m. | 11 views

CVE-2026-45557

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

6.9 CVSS | 0.00389 EPSS
Exploits: 0 | References: 3
CVE
added 2026/05/19 1:47 p.m. | 15 views

CVE-2026-45557

CVE-2026-45557 affects Technitium DNS Server. The issue is that the server aggressively fetches missing RRSIG records or mismatched DNSKEY records, enabling an attacker that controls a domain to trigger excessive network traffic from a vulnerable system. The vulnerability is fixed in version 15.0...

6.9 CVSS | 5.8 AI score | 0.00389 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/19 12:0 a.m. | 10 views

PT-2026-41937

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

6.9 CVSS | 5.8 AI score | 0.00389 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2026/05/18 12:21 p.m. | 20 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

7.5 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 7:57 p.m. | 9 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5 CVSS | 6.2 AI score | 0.00439 EPSS
Exploits: 0 | References: 1
Snyk
added 2026/05/15 6:30 p.m. | 4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the discovery document retrieval process via uripukidpenc and uripukidpsig properties. An attacker can intercept and modify the TLS connection to substitute a forged discovery document...

9.1 CVSS | 5.4 AI score | 0.00118 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/15 2:58 a.m. | 5 views

CVE-2024-36334

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...

7 CVSS | 6.1 AI score | 0.00082 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/05/15 12:0 a.m. | 13 views

Crypt::DSA Security Feature Issue Vulnerability

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to version 1.20 had security vulnerabilities. These vulnerabilities stemmed from the use of the Perl...

7.3 CVSS | 5.8 AI score | 0.00355 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/14 7:35 p.m. | 7 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5 CVSS | 6.2 AI score | 0.00439 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/14 7:35 p.m. | 6 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5 CVSS | 6.2 AI score | 0.00439 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/05/14 7:35 p.m. | 29 views

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5 CVSS | 0.00439 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/05/14 2:39 p.m. | 50 views

CVE-2026-44308 Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Spring Cloud AWS simplifies using AWS managed services in Spring and Spring Boot applications. From 3.0.0 to 4.0.1, applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

6.3 CVSS | 0.00179 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/05/13 6:30 p.m. | 10 views

EUVD-2020-31214

Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...

9.8 CVSS | 5.8 AI score | 0.00246 EPSS
Exploits: 0 | References: 5