CVE-2026-13226
CVE-2026-13226 affects the Groundhogg WordPress plugin (CRM/Newsletters/Marketing Automation) up to version 4.5.4. It exposes a generic SQL Injection via the vulnerable 'after' parameter caused by insufficient escaping and lack of proper preparation in the existing SQL query. The issue allows aut...
EUVD-2026-39612
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
EUVD-2026-39565
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...
EUVD-2026-39581
PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...
CVE-2026-7511
CVE-2026-7511 describes a signer-confusion in PKCS7_verify where the signer for a signature is not correctly bound, allowing a forged signature to be accepted. The reported CVSSv4.0 metrics indicate an Adjacent attack vector, High attack complexity, requiring a present exploit and user interactio...
CVE-2026-6329
CVE-2026-6329 describes a vulnerability in PKCS#12 MAC verification in wolfSSL where the verification uses an attacker-controlled comparison length. The PKCS#12 verify path compares the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from atta...
CVE-2026-6331
CVE-2026-6331 describes a vulnerability in the OpenSSL-compatibility HMAC verify path where EVP_DigestVerifyFinal could accept a zero-length or truncated tag. The root cause is insufficient validation of the supplied signature length, which was only checked to not exceed the MAC length rather tha...
EUVD-2026-39548
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSL_X509_verify_cert. This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert with caller-supplied untrusted intermediate certificates; for...
CVE-2026-11310
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSL_X509_verify_cert. This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert with caller-supplied untrusted intermediate certificates; for...
CVE-2026-11310
The CVE-2026-11310 entry concerns wolfSSL’s X509_verify_cert() when built with --enable-opensslextra (OPENSSL_EXTRA) and used by applications that pass untrusted intermediates to X509_verify_cert(). The root cause is that wolfSSL temporarily loads untrusted intermediates into the certificate mana...
EUVD-2026-39547
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...
CVE-2026-12340
Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...
CVE-2026-12340
CVE-2026-12340 involves an out-of-bounds heap read in wolfSSL when verifying SM2/SM3 certificates. The bug occurs during Subject Key Identifier computation: the code reads the trailing 65 bytes of the public key without verifying the key length, causing a potential crash (denial of service) for b...
CVE-2026-55960
Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...
org.keycloak:keycloak-services: Keycloak: Authentication bypass via JWT algorithm confusion
A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...
CVE-2026-6091
Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...
CVE-2026-11999
CVE-2026-11999 affects wolfSSL when built with --enable-opensslextra. The X509_verify_cert() path-depth exhaustion in wolfSSL_X509_verify_cert() can allow an attacker-controlled certificate to be accepted if the caller supplies untrusted intermediates and the chain depth exceeds the verifier’s ma...
CVE-2026-11999 X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()
X.509 trust-chain bypass via path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSL_X509_verify_cert. This affects only builds with --enable-opensslextra whose application calls X509_verify_cert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
EUVD-2026-39491
wolfSSL_PKCS7_verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...
CVE-2026-55961
wolfSSL_PKCS7_verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...