Lucene search
K

16 matches found

NVD
NVD
added 2026/06/12 7:16 p.m.21 views

CVE-2026-50108

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

8.7CVSS0.00306EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44308

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

6.3CVSS5.5AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.4 views

CVE-2026-40070

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...

8.1CVSS5.8AI score0.00135EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/09 8:28 p.m.8 views

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

Unverified certifier signatures persisted by acquirecertificate Affected packages Both bsv-sdk and bsv-wallet are published from the sgbett/bsv-ruby-sdk repository. The vulnerable code lives in lib/bsv/walletinterface/walletclient.rb, which is physically shipped inside both gems the...

8.1CVSS6.1AI score0.00135EPSS
Exploits1References9Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/09 5:26 p.m.4 views

CVE-2026-40070 bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...

8.1CVSS5.8AI score0.00135EPSS
Exploits1References5
CVE
CVE
added 2026/04/09 5:26 p.m.18 views

CVE-2026-40070

The CVE-2026-40070 entry affects the BSV Ruby SDK (0.3.1–before 0.8.2). The vulnerability is in BSV::Wallet::WalletClient#acquire_certificate, which persists certificate records to storage without verifying the certifier’s signature in both acquisition_protocol paths: direct (caller-supplied fiel...

8.1CVSS5.9AI score0.00135EPSS
Exploits1References5Affected Software2
Cvelist
Cvelist
added 2026/04/09 5:26 p.m.24 views

CVE-2026-40070 bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClientacquirecertificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisitionprotocol: 'direct', the caller supplies all...

8.1CVSS0.00135EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/01 6:56 a.m.7 views

CVE-2026-32883

A flaw was found in Botan. A remote attacker could exploit a vulnerability in the X509 path validation process where the signature of Online Certificate Status Protocol OCSP responses was not verified. This omission allows an attacker to provide forged OCSP responses, potentially leading to the...

6.8CVSS5.8AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/22 10:7 p.m.9 views

CVE-2026-23518

Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...

9.8CVSS5.7AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 10:23 a.m.3 views

SUSE-SU-2026:20080-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption bsc1255715. Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures bsc1256246. - gpg...

7.8CVSS7.1AI score0.00129EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: poppler (UTSA-2025-993337)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993337 advisory. NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. Tenable ha...

4.3CVSS5.1AI score0.00097EPSS
Exploits0References4
OSV
OSV
added 2025/12/13 4:16 p.m.5 views

CVE-2025-36747

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.8CVSS5.8AI score0.00299EPSS
Exploits0References1
CVE
CVE
added 2025/12/10 12:0 a.m.22 views

CVE-2025-65295

The CVE-2025-65295 affects Aqara Hub family (Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, Hub M3 4.3.6_0025). Root cause: firmware update process fails to validate signatures and uses outdated cryptographic methods, enabling forged signatures and potential malicious firmware installation. Additio...

8.1CVSS6.5AI score0.00204EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.4 views

CarlinKit CPC200-CCPA 数据伪造问题漏洞

CarlinKit CPC200-CCPA is a wireless CarPlay and Android Auto adapter from CarlinKit. The CarlinKit CPC200-CCPA suffers from a Data Forgery Issue vulnerability that stems from update.cgi processing update packages without verifying cryptographic signatures, which could lead to arbitrary code...

8CVSS8.2AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/31 12:0 a.m.8 views

PT-2024-34157 · Laravel · Laravel Reverb

Name of the Vulnerable Software and Affected Versions: Laravel Reverb versions prior to 1.4.0 Description: The issue is related to unverified verification signatures for requests sent to Reverb's Pusher-compatible API. This API is used for scenarios such as broadcasting messages or obtaining...

8.7CVSS6.8AI score0.00332EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2022/05/10 2:11 p.m.4 views

libreoffice: Content Manipulation with Certificate Validation Attack

A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and...

5.5CVSS7AI score0.00135EPSS
Exploits0References5
Rows per page
Query Builder