CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVE-2026-42769

Summary: CVE-2026-42769 arises from an error in the CMP Root CA key rollover verification in OpenSSL. A typo in the certificate chain building code caused the verifier to add the wrong certificate ("newWithOld" instead of the intended "oldRoot") to the chain, rendering the verification ineffectiv...

PT-2026-47839

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

eCPPT-Penetration-Testing-Reports

eCPPT Penetration Testing Reports Penetration testing lab rep...

WordPress plugin auto making JSON-LD 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress auto making JSON-LD plugin <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings vulnerability

Cross-Site Request Forgery to Plugin Certification Settings vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin auto making JSON-LD versions = 4.5.3...

Encrypted Neural Networks without Overflows

Fully homomorphic encryption FHE enables private inference by evaluating neural networks on encrypted data. In this way, we can delegate the computation to a third party server without ever revealing the user's data. Currently, the CKKS scheme is the backbone of most efficient FHE implementations...

Numerical Security Analysis for Practical Quantum Key Distribution

Quantum key distribution QKD promises information-theoretic security based on quantum mechanics and idealized device models. Practical implementations, however, deviate from these models due to unavoidable device imperfections, and existing security proofs fall short of capturing the complexity o...

Dell ECS 安全漏洞

Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.3.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from a certification bypass in Geo replication, whic...

CVE-2025-13480

creationtimestamp| type| source ---|---|--- 2026-04-20 02:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2025-13480 2026-04-20 11:39:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwezimq2l2e...

Description of the security update for SharePoint Server Subscription Edition: April 14, 2026 (KB5002853)

Description of the security update for SharePoint Server Subscription Edition: April 14, 2026 KB5002853 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If...

CVE-2025-13822

creationtimestamp| type| source ---|---|--- 2026-04-14 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2025-13822 2026-04-15 09:42:12+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116408066492828654...

CVE-2026-4901

creationtimestamp| type| source ---|---|--- 2026-04-09 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2026-4901/ 2026-04-09 11:16:38+00:00| seen| Telegram/nE1gVyn8jRxbZ-OhSUewb4fvVZDT-qjlGTvhk8YiMctdMk 2026-04-09 12:27:44+00:00| seen|...

CVE-2021-3200

creationtimestamp| type| source ---|---|--- 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/...

certstrike

CertStrike ADCS exploitation and PKI attack framework with in...

Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security

Verified by Microsoft. Built for Azure. Secured by Wiz...

CVE-2025-68795

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/ 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/ 2026-04-07 18:00:00+00:00| seen|...

CVE-2023-53168

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

CVE-2022-50380

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...