Lucene search
K

720 matches found

CVE
CVE
added 2026/04/02 5:54 p.m.8 views

CVE-2026-34610

The CVE affects leancrypto's PQC-focused crypto library. Before 1.7.1, lc_x509_extract_name_segment() truncates size_t vlen to uint8_t for CN length, allowing an attacker to craft a certificate whose CN impersonates the victim’s CN during PKCS#7 verification, certificate chain matching, and code ...

5.9CVSS5.8AI score0.00162EPSS
Exploits0References3Affected Software1
Amazon
Amazon
added 2026/04/01 12:0 a.m.7 views

Medium: runfinch-finch

Issue Overview: Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services...

7.5CVSS6.9AI score0.00728EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

6.2CVSS5.8AI score0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 3:31 a.m.10 views

EUVD-2026-15074

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

6.2CVSS5.8AI score0.00137EPSS
Exploits0References5
NVD
NVD
added 2026/03/25 1:17 a.m.5 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

6.2CVSS0.00137EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/25 12:32 a.m.22 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

0.00137EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/25 12:32 a.m.7 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.8AI score0.00137EPSS
Exploits0References4
CVE
CVE
added 2026/03/25 12:32 a.m.20 views

CVE-2026-20699

CVE-2026-20699 describes a downgrade issue in Intel-based Macs that was addressed with additional code-signing restrictions. Affected products include macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3 and 26.4. The issue could allow an app to access user-sensitive data. Remediation is t...

6.2CVSS5.8AI score0.00137EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 12:32 a.m.3 views

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.8AI score0.00137EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 8:16 p.m.10 views

CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:32 p.m.5 views

CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/11 7:32 p.m.6 views

CVE-2026-31961 Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS5.9AI score0.001EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 12:38 a.m.6 views

GHSA-XJ69-M9QQ-8M94 Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

5.5CVSS5.9AI score0.001EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/11 12:38 a.m.6 views

Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing

Impact Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...

5.5CVSS5.8AI score0.001EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/21 12:24 a.m.3 views

SUSE CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7CVSS5.7AI score0.00197EPSS
Exploits2References6
NVD
NVD
added 2026/02/19 11:16 p.m.18 views

CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7CVSS0.00197EPSS
Exploits2References3
OSV
OSV
added 2026/02/19 11:16 p.m.4 views

DEBIAN-CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7CVSS5.3AI score0.00197EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-27551

Name of the Vulnerable Software and Affected Versions macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 Description A flaw exists in Intel-based Mac computers that could allow an application to access user-sensitive data. This issue wa...

6.2CVSS5.8AI score0.00137EPSS
Exploits0References7
NVD
NVD
added 2026/02/02 2:16 p.m.10 views

CVE-2026-24070

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

8.8CVSS0.00213EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 1:15 p.m.6 views

CVE-2026-24070

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

8.8CVSS5.8AI score0.00213EPSS
Exploits1References3
Rows per page
Query Builder