
11 matches found

Veracode
added 2026/01/14 8:1 a.m. | 5 views

Cryptographic Semantic Binding Flaw

ALTCHA libraries are vulnerable to a cryptographic semantic binding flaw. The vulnerability is due to ambiguous HMAC binding between challenge parameters and the nonce, which allows an attacker to splice or reinterpret a valid proof-of-work submission, for example by modifying the expiration value...

CVSS 6.5 | AI score 5.9 | EPSS 0.00069
Exploits 0 | References 9 | Affected Software 4
Vulnrichment
added 2025/12/18 11:21 a.m. | 1 views

CVE-2025-10910 Gaining remote control over Govee devices

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...

CVSS 9.3 | AI score 6.4 | EPSS 0.00205
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-33968

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00477
Exploits 0 | References 5
Tenable Nessus
added 2024/02/29 12:0 a.m. | 14 views

CentOS 9 : tang-11-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the tang-11-1.el9 build changelog. - A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. CVE-2021-4076 Note that Nessus has not...

CVSS 7.5 | AI score 7.3 | EPSS 0.00477
Exploits 0 | References 2
Ubuntu
added 2023/11/20 4:4 p.m. | 29 views

USN-6489-1: Tang vulnerability

Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys...

CVSS 5.3 | AI score 5.6 | EPSS 0.00022
Exploits 1
Github Security Blog
added 2023/04/20 9:18 p.m. | 41 views

Bypass of CSRF protection in the presence of predictable userInfo

Description: The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the use...

CVSS 6.5 | AI score 6.3 | EPSS 0.00321
Exploits 0 | References 8 | Affected Software 1
NVD
added 2023/04/20 6:15 p.m. | 14 views

CVE-2023-27495

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00321
Exploits 0 | References 3
OSV
added 2022/03/02 11:15 p.m. | 0 views

UBUNTU-CVE-2021-4076

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...

CVSS 7.5 | AI score 7.1 | EPSS 0.00477
Exploits 0 | References 3
Prion
added 2022/03/02 11:15 p.m. | 5 views

Design/Logic Flaw

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...

CVSS 5 | AI score 7.3 | EPSS 0.00477
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2021/12/29 11:28 p.m. | 12 views

Information Disclosure

tang is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization in the network-based cryptographic binding server...

CVSS 7.5 | AI score 1.2 | EPSS 0.00477
Exploits 0 | References 4 | Affected Software 1
Debian
added 2021/12/19 8:57 a.m. | 16 views

[SECURITY] [DSA 5025-1] tang security update

Debian Security Advisory DSA-5025-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2021 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.3 | EPSS 0.00477
Exploits 0