Lucene search
K

501 matches found

RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41419

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-55283

Name of the Vulnerable Software and Affected Versions CubeSpace CW0057 Reaction Wheel versions prior to 5.0.20 Description An improper verification of cryptographic signature allows an attacker with physical access to the product to upload arbitrary malicious firmware to the device without...

5.2CVSS6AI score0.00116EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. Th...

6.5CVSS6AI score0.0016EPSS
Exploits0References3
NVD
NVD
added last week10 views

CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS0.00083EPSS
Exploits0References1
OSV
OSV
added last week6 views

PYSEC-2026-525 rfc3161-client has insufficient verification for timestamp response signatures

Impact rfc3161-client 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR's embedded certificates up to the trusted roots, but fails to verify the TSR's own signature against the timestamping leaf...

9.3CVSS5.7AI score0.00147EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 9:16 p.m.8 views

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
OSV
OSV
added 2026/06/26 2:16 a.m.3 views

ALPINE-CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.3CVSS6.1AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39612

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.3CVSS6.3AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 12:32 a.m.4 views

EUVD-2026-39581

PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...

5.9CVSS5.8AI score0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 9:37 p.m.19 views

CVE-2026-9779 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

7.2CVSS0.00376EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:52 p.m.7 views

CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/18 2:13 p.m.10 views

EUVD-2026-37897

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS5.4AI score0.00246EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.8 views

SUSE CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.9CVSS5.7AI score0.00262EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.28 views

CVE-2026-48612

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This can result in unauthorized account linking and potential account takeover...

8CVSS0.0012EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS6.1AI score0.00743EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 3:0 p.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager (CVE-2025-68161, CVE-2026-1726)

Summary Security Vulnerabilities have been addressed in IBM Guardium Key Lifecycle Manager Vulnerability Details CVEID:CVE-2026-1726 DESCRIPTION: IBM Security Guardium enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers cou...

6.3CVSS6.1AI score0.00743EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.7 views

openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...

5.3CVSS5.5AI score0.00262EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.8 views

CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.3CVSS5.7AI score0.00262EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2128

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References1
Rows per page
Query Builder