Lucene search
+L

263 matches found

CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML proxy endpoint failing to properly verify encrypted assertions. This vulnerability may lead to unauthorized access and information leakage...

7.7CVSS5.8AI score0.00241EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML endpoint not verifying the status of external identity Providers. This could lead to bypassing security controls and performing unauthorized...

8.1CVSS5.8AI score0.00413EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/11 12:24 a.m.5 views

EUVD-2026-10932

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 12:24 a.m.5 views

EUVD-2026-10933

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 12:24 a.m.4 views

GHSA-MHG6-2Q2V-9H2C sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.12 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS
Exploits0References4Affected Software1
RubySec
RubySec
added 2026/03/11 12:0 a.m.13 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/10 10:16 p.m.7 views

CVE-2026-31830

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 9:46 p.m.5 views

CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 7:16 a.m.8 views

CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...

9.8CVSS0.00425EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.14 views

ASUSTOR ADM 安全漏洞

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the DDNS update feature not correctly...

8.9CVSS7.1AI score0.00206EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 9:7 a.m.9 views

CVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

8.1CVSS5.9AI score0.00647EPSS
Exploits1References2Affected Software2
OSV
OSV
added 2026/01/20 8:55 p.m.8 views

GHSA-63M5-974W-448V Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...

9.3CVSS5.8AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 2026/01/16 7:15 a.m.9 views

CVE-2026-0939

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

5.3CVSS0.00148EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/13 9:55 p.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/core/txpool t...

7.5CVSS6.8AI score0.00569EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 9:55 p.m.6 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/eth/fetcher t...

7.5CVSS6.8AI score0.00569EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.5 views

CVE-2021-22410

There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client...

5.4CVSS6.7AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.5 views

CVE-2023-50253

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

9.6CVSS6.2AI score0.00741EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.14 views

CVE-2022-23764

The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution...

9.8CVSS7.6AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 8:16 a.m.7 views

CVE-2025-64641

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

4.1CVSS6.8AI score0.00146EPSS
Exploits0References1
Rows per page
Query Builder