NVD (added 1 hour ago, 4 views)

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

CVSS 8.1 | Exploits: 0 | References: 4
NVD (added 1 hour ago, 4 views)

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

CVSS 8.1 | Exploits: 0 | References: 4
Cvelist (added 1 hour ago, 5 views)

CVE-2026-50721 IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

CVSS 8.1 | Exploits: 0 | References: 4
EUVD (added 1 hour ago, 2 views)

EUVD-2026-41441

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

CVSS 8.1 | AI score 6.3 | Exploits: 0 | References: 4
CVE (added 1 hour ago, 6 views)

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

CVSS 8.1 | AI score 6.3 | Exploits: 0 | References: 4
Cvelist (added 1 hour ago, 4 views)

CVE-2026-50722 IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

CVSS 8.1 | Exploits: 0 | References: 4
EUVD (added 1 hour ago, 2 views)

EUVD-2026-41440

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

CVSS 8.1 | AI score 6.3 | Exploits: 0 | References: 4
CVE (added 1 hour ago, 4 views)

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

CVSS 8.1 | AI score 6.3 | Exploits: 0 | References: 4
EUVD (added 1 hour ago, 3 views)

EUVD-2026-41433

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULT_SHOW_FULL_NAME option is enabled,...

CVSS 5.4 | AI score 6 | Exploits: 0 | References: 5
EUVD (added 1 hour ago, 3 views)

EUVD-2026-41417

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

CVSS 8.7 | AI score 6 | Exploits: 0 | References: 5
GitHub Security Blog (added 3 hours ago, 2 views)

9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install. Affected: 9router npm package, current master v0.4.39. Summary: POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

AI score 5.9 | Exploits: 0 | References: 2 | Affected software: 1
NVD (added 3 hours ago, 2 views)

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULT_SHOW_FULL_NAME option is enabled,...

CVSS 5.4 | Exploits: 0 | References: 4
GitHub Security Blog (added 3 hours ago, 2 views)

zebrad has unbounded memory leak in mempool download pipeline via timeout path cancel_handles retention

Am I affected? You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections (network.listen_addr is set, which is the default). 3. Your node's mempool is active (node is synced near the chain tip). All default configurations are affected. Summary: The...

AI score 5.7 | Exploits: 0 | References: 4 | Affected software: 1
GitHub Security Blog (added 3 hours ago, 3 views)

Craft CMS's mass assignment via id in newAttributes during bulk duplicate overwrites existing elements

Summary: There is a mass-assignment flaw in the bulk-duplicate element action. Alice, holding only the permission to duplicate an entry she owns, submits an arbitrary id through the newAttributes request parameter. The duplication routine overrides its own id = null reset with that value and write...

CVSS 7.1 | AI score 5.9 | Exploits: 0 | References: 4 | Affected software: 1
GitHub Security Blog (added 3 hours ago, 2 views)

Mautic has Stored Cross-Site Scripting (XSS) in Project Option Selector

Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as optio...

CVSS 5.4 | AI score 5.7 | EPSS 0.00133 | Exploits: 0 | References: 3 | Affected software: 1
GitHub Security Blog (added 3 hours ago, 2 views)

Zebra has sync restart poisoning from single unauthenticated peer via above-lookahead block

Am I affected? You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections and is syncing or catching up to the chain tip. Summary: A malicious peer can answer Zebra's outbound getblocks/FindBlocks request with a small two-hash inventory, then ser...

AI score 5.8 | Exploits: 0 | References: 2 | Affected software: 2
CVE (added 3 hours ago, 4 views)

CVE-2026-59102

CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...

CVSS 5.4 | AI score 6 | Exploits: 0 | References: 4
ATTACKERKB (added 3 hours ago, 2 views)

CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULT_SHOW_FULL_NAME option is enabled,...

CVSS 5.4 | AI score 6 | Exploits: 0 | References: 5
Cvelist (added 3 hours ago, 3 views)

CVE-2026-59102 Forgejo < 15.0.3 - Stored XSS via Actions Run Full Name Rendering

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULT_SHOW_FULL_NAME option is enabled,...

CVSS 5.4 | Exploits: 0 | References: 4
IBM Security Bulletins (added 3 hours ago, 3 views)

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Genius Hub

Summary: The following dependency packages are used by IBM Db2 Genius Hub: flatted-3.3.3.tgz, axios-1.15.1.tgz, immutable-4.0.0-rc.12.tgz, lodash-4.17.23.tgz, jspdf-3.0.2.tgz, swiper-11.2.10.tgz, picomatch-2.3.1.tgz, axios-1.12.2.tgz, router-1.23.0.tgz, minimatch-10.2.1.tgz, ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00521 | Exploits: 2 | Affected software: 1