CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/09 12:0 a.m.•30 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

0.00268EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:26 p.m.•7 views

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS5.5AI score0.00167EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:11 p.m.•5 views

CVE-2026-44905

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically...

7.5CVSS5.5AI score0.00202EPSS

Exploits0References1

Positive Technologies•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44498

Name of the Vulnerable Software and Affected Versions Charging controller affected versions not specified Description A firmware update mechanism fails to validate the authenticity of firmware packages delivered through the device's management interface. Due to the lack of cryptographic signature...

9.3CVSS6AI score0.00224EPSS

Exploits0References4

ATTACKERKB•added 2026/05/26 9:18 p.m.•7 views

CVE-2026-44905

Exploits0References3Affected Software1

EUVD•added 2026/05/26 9:18 p.m.•9 views

EUVD-2026-32006

Vulnrichment•added 2026/05/26 9:18 p.m.•7 views

CVE-2026-44905 Vanetza: Remote Denial of Service via Uncaught OER Encoding Exception in Cryptographic Verification

Cvelist•added 2026/05/26 9:18 p.m.•31 views

CVE-2026-44905 Vanetza: Remote Denial of Service via Uncaught OER Encoding Exception in Cryptographic Verification

7.5CVSS0.00202EPSS

CVE•added 2026/05/26 9:18 p.m.•16 views

CVE-2026-44905

Vanetza (ETSI C-ITS) contains a denial-of-service condition in 26.02 and earlier due to a logic flaw in the cryptographic verification path. An incoming V2X certificate with a Psid subtype violation can be parsed syntactically, but semantic checks are not enforced until re-encoding during Straigh...

Positive Technologies•added 2026/05/26 12:0 a.m.•9 views

PT-2026-43425

Name of the Vulnerable Software and Affected Versions Vanetza versions 26.02 and earlier Description A denial-of-service issue exists in the cryptographic verification pipeline. When processing incoming V2X messages, the ASN.1 decoder accepts structures as syntactically valid even if semantic...

CNNVD•added 2026/05/25 12:0 a.m.•9 views

Exploits0References4

Krajowa Izba Rozliczeniowa Szafir SDK 安全漏洞

Krajowa Izba Rozliczeniowa Szafir SDK is an electronic signature development kit from Krajowa Izba Rozliczeniowa, Poland. A security vulnerability exists in the Krajowa Izba Rozliczeniowa Szafir SDK that stems from the cryptographic digital signature verification process returning a success statu...

9.3CVSS5.9AI score0.00307EPSS

OSV•added 2026/05/21 7:38 p.m.•9 views

GHSA-799F-29JM-GR6C nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Impact A logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.9CVSS5.8AI score0.0015EPSS

Exploits0References6

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42602

Impact A logic flaw in BlockInclusionProof::is block proven causes the function to return true without performing any cryptographic verification when get interlink hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...

5.9CVSS5.8AI score

Exploits0References6

Snyk•added 2026/04/15 10:13 a.m.•7 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00259EPSS

Snyk•added 2026/04/01 10:13 p.m.•4 views

Improper Verification of Cryptographic Signature

Overview @stablelib/ed25519 is an Ed25519 public-key signature EdDSA with Curve25519 Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verify function. An attacker can generate a second distinct valid signature for the same message withou...

9.1CVSS5.9AI score

Rosalinux•added 2026/03/22 9:25 p.m.•9 views

Advisory ROSA-SA-2026-3247

software: libreoffice 24.8.7.2 OS: ROSA-CHROME unaffected versions = libreoffice-24.8.7.2 affected versions libreoffice-24.8.7.2 CVE-ID: CVE-2025-2866 BDU-ID: 2025-05910 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the LibreOffice office suite is related to incorrect cryptographic signature...

5.5CVSS5.8AI score0.00096EPSS

Exploits0

EUVD•added 2026/03/20 9:32 a.m.•6 views

EUVD-2026-13602

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.120171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be...

9.2CVSS6.3AI score0.00272EPSS

Exploits0References4

NVD•added 2026/03/20 7:16 a.m.•2 views

CVE-2026-4478

9.2CVSS0.00272EPSS