6 matches found
CVE-2026-7511
PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...
CVE-2026-45028
Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006753)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006753 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctpv6fromsk syzbot found that sin6scopeid was not properly...
CVE-2025-56676
TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain...
PT-2024-29038
Name of the Vulnerable Software and Affected Versions parisneo/lollms version latest Description The issue is related to arbitrary code execution due to insufficient sanitization of user input. Specifically, the /unInstall binding endpoint is vulnerable, and the problem arises from the lack of pa...
PYSEC-2021-288
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...