994 matches found
CVE-2026-54496 Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2gadgets 0.5.0, orchard 0.14.0, zcashprimitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2gadgets/src/ecc/chip/mul/incomplete.rs used assignadvice for the base point without a copy...
CVE-2026-54496
CVE-2026-54496 affects Zebrad and related crates (halo2_gadgets, orchard, zcash_primitives, zcashd) prior to fixed versions. Root cause: the variable-base scalar multiplication gadget uses assign_advice() to feed the base point in halo2_gadgets—without a copy constraint tying it to the real base—...
CVE-2026-54496
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2gadgets 0.5.0, orchard 0.14.0, zcashprimitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2gadgets/src/ecc/chip/mul/incomplete.rs used assignadvice for the base point without a copy...
CVE-2026-54496 Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2gadgets 0.5.0, orchard 0.14.0, zcashprimitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2gadgets/src/ecc/chip/mul/incomplete.rs used assignadvice for the base point without a copy...
Linux Distros Unpatched Vulnerability : CVE-2026-59083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This...
crypto/x509: Incorrect enforcement of email constraints in crypto/x509
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...
RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) (RHSA-2026:39810)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:39810 advisory. Security Fixes: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 golang: Denial of Service due to excessive...
JLSEC-2026-755 X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A...
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...
JLSEC-2026-696 Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A...
Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...
CVE-2026-59083 Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass
Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...
SUSE-SU-2026:2924-1 Security update for gnutls
This update for gnutls fixes the following issues - CVE-2026-3833: incorrectly accepted domain names due to comparison during name constraints processing being case-sensitive bsc1263707. - CVE-2026-5260: heap overread when processing extremely short premaster secret as part of an RSA key exchange...
PT-2026-57700
Name of the Vulnerable Software and Affected Versions Themefic Hydra Booking versions prior to 1.1.45 Description Stored Cross-site Scripting XSS occurs due to improper neutralization of input during web page generation. This allows an attacker to inject malicious scripts that are stored on the...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...
SUSE SLED15: jackson-annotations / jackson-core / jackson-databind / etc (SUSE-SU-2026:2801-1)
"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2801-1 advisory. This update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats- binary...
SUSE-SU-2026:2801-1 Security update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats-binary, jackson-modules-base, jackson-parent
This update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats-binary, jackson-modules-base, jackson-parent fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary...
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
DEBIAN-CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...