69602 matches found
CVE-2026-2396
creationtimestamp| type| source ---|---|--- 2026-04-15 00:40:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjinvgwpcl2z...
CVE-2026-1314
creationtimestamp| type| source ---|---|--- 2026-04-15 00:19:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjimprprmr2o 2026-04-22 21:02:34+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mk4fgtcu522h...
CVE-2026-27301
creationtimestamp| type| source ---|---|--- 2026-04-15 00:06:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjilygpeht2z...
CVE-2026-39984
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
Sigstore Timestamp Authority 安全漏洞
Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...
CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
CVE-2026-39984
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...
CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
CVE-2026-39984
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...
CVE-2026-39984
CVE-2026-39984 – Sigstore Timestamp Authority (tsa/timestamp-authority/v2/pkg/verification) : Versions 2.0.5 and earlier contain an authorization bypass in VerifyTimestampResponse. The code validates the certificate chain correctly but applies TSA-specific constraints using the first non-CA certi...
CVE-2026-34631
creationtimestamp| type| source ---|---|--- 2026-04-14 23:22:29+00:00| published-proof-of-concept| Telegram/70ang71mEb6lYSNq2VZHiuuV7i7KfipPcLMkKoGk9-znXQ 2026-04-15 12:08:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjudk3jdv2m 2026-06-13 09:07:08+00:00| seen|...
CVE-2026-40291
creationtimestamp| type| source ---|---|--- 2026-04-14 23:22:29+00:00| published-proof-of-concept| Telegram/70ang71mEb6lYSNq2VZHiuuV7i7KfipPcLMkKoGk9-znXQ 2026-04-15 12:00:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjtuezgen2p 2026-04-22 20:37:07+00:00| seen|...
CVE-2026-35196
creationtimestamp| type| source ---|---|--- 2026-04-14 23:22:29+00:00| published-proof-of-concept| Telegram/70ang71mEb6lYSNq2VZHiuuV7i7KfipPcLMkKoGk9-znXQ 2026-04-15 12:08:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjudrmv7g2u...
CVE-2026-33019
creationtimestamp| type| source ---|---|--- 2026-04-14 23:22:03+00:00| seen| Telegram/7o25spvsi10qoVsYDQCR4BvQZf2Pb0MXjY1dtOy-qDOy7tc...
CVE-2026-34602
creationtimestamp| type| source ---|---|--- 2026-04-14 23:22:03+00:00| seen| Telegram/7o25spvsi10qoVsYDQCR4BvQZf2Pb0MXjY1dtOy-qDOy7tc...
GHSA-2XGM-4X47-2X2P
creationtimestamp| type| source ---|---|--- 2026-04-14 23:22:03+00:00| seen| Telegram/7o25spvsi10qoVsYDQCR4BvQZf2Pb0MXjY1dtOy-qDOy7tc...
GHSA-X373-8J9J-G5PJ
creationtimestamp| type| source ---|---|--- 2026-04-14 23:22:03+00:00| seen| Telegram/7o25spvsi10qoVsYDQCR4BvQZf2Pb0MXjY1dtOy-qDOy7tc...
CVE-2026-27282
creationtimestamp| type| source ---|---|--- 2026-04-14 23:21:52+00:00| seen| Telegram/jHpVmdM968c9lFQ4KStSRALTqvtLmQ8NC1zLLnKyLbbys0E 2026-04-15 01:56:06+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mjis4gfiax2a 2026-04-15 12:08:47+00:00| seen|...