11390 matches found
CVE-2026-22097 Missing firmware validation allows remote code execution
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...
openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
Moderate: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
[SECURITY] Fedora 44 Update: p11-kit-0.26.4-1.fc44
p11-kit provides a way to load and enumerate PKCS11 modules, as well as a standard configuration setup for installing PKCS11 modules in such a way that they're discoverable...
CVE-2026-55207
Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker who knows a valid admin username can take over any Pimcore admin account by sending a password reset request with an attacker-controlled resetPasswordUrl. The server...
CVE-2026-9027
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...
CVE-2026-9027 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Improper Verification of Cryptographic Signature to Payment Bypass via /wp-json/corvuspay/success/ REST Endpoint
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...
openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects
A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...
openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects
A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...
CVE-2026-44877
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...
CVE-2026-44877
CVE-2026-44877 affects HPE Networking Instant On 1830, 1930, and 1960 switches. It is described as an unauthenticated remote disclosure vulnerability that could allow a remote attacker to access sensitive cryptographic secrets on a vulnerable system. CVSS‑3.1 metrics indicate Network access, Low ...
CVE-2026-44877
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...
CVE-2026-44877 Unauthenticated Remote Disclosure of Cryptographic Secrets
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...
CVE-2026-11348
Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...
CVE-2026-11348
The CVE-2026-11348 vulnerability affects HAVELSAN Liman MYS (before release.Master.1107) and is caused by improper verification of a cryptographic signature. The entry indicates a remote attack vector (Network) with high impact across confidentiality, integrity, and availability (CVSS v3.1: 8.1, ...
CVE-2026-11348 Authentication Bypass in HAVELSAN's Open Source Project Liman MYS
Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...
EUVD-2026-42034
Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...
Ubuntu 26.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-8507-1)
"The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8507-1 advisory. It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker...
CVE-2026-21383
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security...
DEBIAN-CVE-2026-41515
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses...