22 matches found
EUVD-2026-33002
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...
CVE-2026-9037
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...
EUVD-2024-43269
Malicious code in bioql PyPI...
CVE-2023-25656
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
Zoom Workplace Denial of Service Vulnerability
Zoom Workplace is an AI-first collaboration platform from Zoom that integrates core features such as team communication, meetings, document collaboration, and a built-in AI Companion smart assistant to boost productivity. Zoom Workplace suffers from a denial-of-service vulnerability that stems fr...
GE Vernova UR IED Data Forgery Issue Vulnerability
The GE Vernova UR IED is a series of protective relays from GE Vernova, USA. A data forgery issue vulnerability exists in the GE Vernova UR IED that stems from insufficient validation of data authenticity and could result in the installation of modified firmware...
2N Access Commander Security Vulnerability
2N Access Commander is an access control solution from 2N. A security vulnerability exists in 2N Access Commander version 3.1.1.2 and prior versions, which stems from insufficient validation of data authenticity and allows an attacker to elevate their privileges and...
AMD UltraScale Data Forgery Issue Vulnerability
AMD UltraScale is a family of chips from the American company AMD. AMD UltraScale suffers from a security vulnerability that stems from insufficient data authenticity validation...
CVE-2022-25333 Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and appe...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
AMI MegaRAC Data Forgery Issue Vulnerability
AMI MegaRAC is a family of service processor products from AMI. It provides complete out-of-band, or lights-out, remote management of computer systems, independent of operating system state or location, to troubleshoot computers and ensure service continuity. A security vulnerability exists in AMI MegaRA...
GHSA-87X9-7GRX-M28V notation-go has excessive memory allocation on verification
Impact: notation-go users will find their application using excessive memory when verifying signatures and the application will be finally killed, and thus availability is impacted. Patches: The problem has been patched in the release v1.0.0-rc.3. Users should upgrade their notation-go packages to...
CVE-2023-25656
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
Design/Logic Flaw
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
CVE-2023-25656 notation-go has excessive memory allocation on verification
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
CVE-2023-25656
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
CVE-2023-25656
The CVE affects notation-go (notaryproject) prior to 1.0.0-rc.3, where signature verification may cause memory exhaustion leading to process death and availability impact. Root cause is excessive memory use during verification; a patch is available in v1.0.0-rc.3. Remediation: upgrade to v1.0.0-r...
CVE-2023-25656 notation-go has excessive memory allocation on verification
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of OCI artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...
SAMSUNG Mobile devices Data Forgery Issue Vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices Android Q(10) prior to 2.6.30.6, Android R(11) prior to 3.1.21.10, and Android S(12) prior to...
Hewlett Packard Enterprise OneView Data Forgery Issue Vulnerability
Hewlett Packard Enterprise OneView is software from Hewlett Packard Enterprise that facilitates automated device management for IT departments. Hewlett Packard Enterprise OneView has a security vulnerability that stems from inadequate validation of data authenticity vulnerabilities in hybrid...