Lucene search
K

3575 matches found

Cvelist
Cvelist
added 2026/03/27 10:8 p.m.22 views

CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS0.00476EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 10:8 p.m.3 views

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/27 10:8 p.m.3 views

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/27 10:8 p.m.3 views

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.2AI score0.00476EPSS
Exploits1
Snyk
Snyk
added 2026/03/27 8:43 p.m.3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the buildCannedPolicy and buildCustomPolicy functions in the CloudFront signing utilities. An attacker can alter the generated CloudFront policy document and weaken access restrictions by...

9.3CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 8:43 p.m.120 views

AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/27 8:43 p.m.1 views

GHSA-443W-3RQ3-5M5H AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...

7.7CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/27 7:54 p.m.108 views

AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.8AI score
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/03/26 5:17 p.m.139 views

Troll-Exploit

TrollStore TrollStore is a permasigned jailed app that can pe...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

6.2CVSS5.8AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.3 views

CVE-2025-52648

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system...

4.8CVSS5.8AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.3 views

CVE-2025-64998

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 3:30 a.m.4 views

EUVD-2014-9820

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...

9.8CVSS6.4AI score0.0083EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 2:4 a.m.2 views

CVE-2014-125112 Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...

6.4AI score0.0083EPSS
Exploits0References2
OSV
OSV
added 2026/03/25 5:3 p.m.3 views

GHSA-WWV8-CQPR-VX3M Modoboa has OS Command Injection

Summary execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server...

7.2CVSS6.1AI score0.00566EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/25 4:5 p.m.1 views

CVE-2026-20104

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...

6.1CVSS6.2AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 3:31 a.m.10 views

EUVD-2026-15074

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

6.2CVSS5.8AI score0.00137EPSS
Exploits0References5
NVD
NVD
added 2026/03/25 1:17 a.m.4 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

6.2CVSS0.00137EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/25 12:32 a.m.6 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.8AI score0.00137EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/25 12:32 a.m.21 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

0.00137EPSS
Exploits0References4
Rows per page
Query Builder