Lucene search
K

2245 matches found

Chainguard
Chainguard
added 2026/04/05 1:17 a.m.3 views

GHSA-M56Q-VW4C-C2CP vulnerabilities

Vulnerabilities for packages: langfuse, langfuse-fips...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/03 12:56 p.m.7 views

CVE-2026-34610

A flaw was found in the leancrypto cryptographic library. A remote attacker can exploit an integer overflow vulnerability in the lcx509extractnamesegment function when processing the Common Name CN field of an X.509 certificate. By crafting a specially designed certificate, an attacker can cause...

5.9CVSS6AI score0.00162EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/01 1:9 a.m.4 views

[SECURITY] Fedora 42 Update: firefox-149.0-4.fc42

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/03/31 12:27 a.m.8 views

[SECURITY] Fedora 44 Update: nss-3.121.0-1.fc44

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/27 5:16 p.m.53 views

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1CVSS0.00677EPSS
Exploits0References4
Fedora
Fedora
added 2026/03/27 1:18 a.m.3 views

[SECURITY] Fedora 43 Update: rust-cryptoki-0.12.0-2.fc43

Rust-native wrapper around the PKCS 11 API...

9.8CVSS5.8AI score0.00704EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.2 views

PT-2026-28378

Name of the Vulnerable Software and Affected Versions Undertow affected versions not specified Description A flaw exists in Undertow where the software incorrectly processes HTTP requests containing leading spaces in the first header line, violating HTTP standards. This can be exploited to perfor...

9.1CVSS6AI score0.00677EPSS
Exploits0References16
OSV
OSV
added 2026/03/24 3:23 p.m.3 views

MAL-2026-2329 Malicious code in @abi-labs-frontend/standards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a60eba79d2fd49b58fb2a2073d2b7c87f66c1ad781bc1a6137962f9b5e772449 The package @abi-labs-frontend/standards was found to contain malicious code...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 3:23 p.m.9 views

Malicious code in @abi-labs-frontend/standards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a60eba79d2fd49b58fb2a2073d2b7c87f66c1ad781bc1a6137962f9b5e772449 The package @abi-labs-frontend/standards was found to contain malicious code...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/24 12:0 a.m.12 views

ALSA-2026:5603 Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.27 views

Towards Secure Retrieval-Augmented Generation: A Comprehensive Review of Threats, Defenses and Benchmarks

Retrieval-Augmented Generation RAG significantly mitigates the hallucinations and domain knowledge deficiency in large language models by incorporating external knowledge bases. However, the multi-module architecture of RAG introduces complex system-level security vulnerabilities. Guided by the R...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/19 8:37 p.m.15 views

CVE-2026-4428

The CVE relates to AWS-LC CRL distribution point validation logic before 1.71.0. A logic error caused partitioned CRLs to be incorrectly rejected as out of scope, enabling a revoked certificate to bypass revocation checks. Affected software is AWS-LC prior to 1.71.0; the issue is fixed in AWS-LC ...

9.1CVSS5.7AI score0.00252EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/19 5:16 p.m.4 views

CVE-2026-0819

A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wcPKCS7BuildSignedAttributes, when adding custom signed attributes, the code passes an incorrect capacity value esd-signedAttribsCount to EncodeAttributes instead of the remaining available space...

7.1CVSS6.1AI score0.00101EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/03/18 7:17 p.m.7 views

GHSA-8Q2W-WR49-WHQJ vulnerabilities

Vulnerabilities for packages: traefik-fips, traefik...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/03/17 6:13 p.m.4 views

openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

A flaw was found in OpenSSL. When processing a specially crafted PKCS12 Personal Information Exchange Syntax Standard file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSLuni2utf8 function, leads to memory corruption by writing data...

7.4CVSS7.4AI score0.00444EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.10 views

Synchronized DNA Sources for Unconditionally Secure Cryptography

Secure communication is the cornerstone of modern infrastructures, yet achieving unconditional security -resistant to any computational attack- remains a fundamental challenge. The One-Time Pad OTP, proven by Shannon to offer perfect secrecy, requires a shared random key as long as the message,...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.4 views

AgenticCyOps: Securing Multi-Agentic AI Integration in Enterprise Cyber Operations

Multi-agent systems MAS powered by LLMs promise adaptive, reasoning-driven enterprise workflows, yet granting agents autonomous control over tools, memory, and communication introduces attack surfaces absent from deterministic pipelines. While current research largely addresses prompt-level...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.4 views

SUSE CVE-2026-3338

Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22704

Name of the Vulnerable Software and Affected Versions AWS-LC versions prior to 1.69.0 Description A flaw exists in the PKCS7 verify function within AWS-LC that permits an unauthenticated user to circumvent signature verification when handling PKCS7 objects containing Authenticated Attributes. Thi...

8.7CVSS5.9AI score0.00779EPSS
Exploits0References20
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.9 views

Comparison of Credential Management Systems Based on the Standards of IEEE, ETSI, and YD/T 3957-2021

As V2X Vehicle-to-Everything technology becomes increasingly prevalent, the security of V2X networks has garnered growing attention worldwide. In North America, the IEEE 1609 series standards are primarily used, while Europe adopts the ETSI series standards, and China has also established its...

5.9AI score
Exploits0
Rows per page
Query Builder