UBUNTU-CVE-2026-8367
aria2c accepts a server certificate with an incorrect Extended Key Usage (EKU). If attackers compromise a certificate, with its associated private key, that was issued for a different purpose, they may be able to reuse it for TLS server authentication...
Broken hard revocation handling
Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...
Linux Distros Unpatched Vulnerability : CVE-2021-20179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again,...
CVE-2025-54417
Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...
CVE-2025-54417
CVE-2025-54417 affects Craft CMS: versions 4.13.8–4.16.2 and 5.5.8–5.8.3 contain a bypass of CVE-2025-23209, requiring a compromised security key and ability to create a file under Craft’s /storage/backups. Under these conditions, a crafted request to /updater/restore-db could trigger remote code...
Craft CMS has a theoretical bypass for CVE-2025-23209
Pre-requisites: Have a compromised security key https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...
GHSA-2VCF-QXV3-2MGW Craft CMS has a theoretical bypass for CVE-2025-23209
Pre-requisites: Have a compromised security key https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...
MAL-2025-5425 Malicious code in jun-xss-payload (npm)
The package communicates with a domain associated with malicious activity. Any computer that has this package installed or running should be considered...
MAL-2025-4289 Malicious code in vite-tsconsole-log (npm)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-9471
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher-privileged PAN-OS administrator. For example, an administrator with...
CVE-2024-9471
CVE-2024-9471 affects Palo Alto Networks PAN-OS XML API. An authenticated administrator with restricted privileges can use a compromised XML API key to perform actions as a higher-privileged administrator (e.g., a read-only virtual-system admin could write changes). The issue arises from privileg...
CVE-2024-8105
A flaw was found in PKfail, a firmware supply-chain issue affecting hundreds of device models in the UEFI ecosystem. The Secure Boot "master key," known as the Platform Key, which manages the Secure Boot databases and maintains the chain of trust from firmware to the operating system, is often no...
CVE-2024-8105
CVE-2024-8105 describes PKfail, a vulnerability where a compromised private Platform Key (PK) can sign malicious UEFI modules, allowing code execution at boot and potential bypass of Secure Boot. Public documents confirm the root cause is insecure PK usage in UEFI signatures, enabling attackers t...
CVE-2024-8105 Insecure Platform Key (PK) used in UEFI system firmware signature
A vulnerability related to the use of an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised...
MAL-2024-440 Malicious code in wlwz-2312-3000 (npm)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...
Synth: cannot change approval once set to max value
Handle: cmichel. Vulnerability details: The Synth.approve function performs a no-op if the allowance is currently set to type(uint256).max. As a result, an approval can no longer be changed once it has been set to the max value. Impact: Imagine someone approving an operator with the max val...
Oracle Linux 8 : pki-core:10.6 (ELSA-2021-0966)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0966 advisory. pki-core 10.9.4-3.0.1 - Remove redhat reference. 10.9.4-3 - Bug 1933146 - PKI instance creation failed with new 389-ds-base build 10.9.4-2 - CVE-2021-20179: Fix...
DEBIAN-CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...