Lucene search
K

68 matches found

OSV
OSV
added 2026/07/02 8:32 p.m.2 views

GHSA-4J9M-H44M-2HV8 Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Summary Configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the OAEP setting selects PKCS1 v1.5, which is the same algorithm as the DEFAULT setting. Impact Operators who configure encrypt:rsa:algorithm=OAEP to obtain...

1.9CVSS5.8AI score0.00046EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

5.3CVSS5.5AI score0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.10 views

EUVD-2026-35889

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

3.7CVSS5.5AI score0.00137EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.24 views

CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

5.3CVSS0.00137EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME...

3.7CVSS5.7AI score0.0035EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.8 views

CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

3.7CVSS5.5AI score0.00137EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:47 p.m.3 views

CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

3.7CVSS5.9AI score0.00137EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.38 views

CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

3.7CVSS0.00137EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.46 views

CVE-2026-41694

Summary: CVE-2026-41694 affects Spring Security SAML, where SAML Responses and parts of LogoutRequests/LogoutResponses are decrypted without requiring a valid signature. This enables an attacker to craft SAML payloads and use the Service Provider as a decryption oracle. Affected versions (per sou...

5.3CVSS5.5AI score0.00137EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/09 4:3 p.m.2 views

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS7AI score0.00237EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-48310

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.23 Spring Security versions 5.8.0 through 5.8.25 Spring Security versions 6.3.0 through 6.3.16 Spring Security versions 6.4.0 through 6.4.16 Spring Security versions 6.5.0 through 6.5.10 Spring Securi...

5.3CVSS5.2AI score0.00137EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/09 12:0 a.m.5 views

Information Exposure

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Information Exposure via SAML message decryption prior to signature validation. An attacker can use the Service Provid...

6.3CVSS5.4AI score0.00137EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-4610

Malware in sbrugna...

7.8CVSS7.8AI score0.00455EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-4609

Malware in sbrugna...

7.8CVSS7.8AI score0.00455EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6436

Malware in sbrugna...

6.5CVSS6.3AI score0.01476EPSS
Exploits0References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-28751

Malicious code in bioql PyPI...

6.8CVSS6.7AI score0.0025EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.23 views

RHEL 5 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpasupplicant: local configuration update allows privilege escalation CVE-2016-4477 - wpasupplicant:...

7.9AI score0.02388EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/10/21 12:0 a.m.43 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerability (USN-3745-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3745-1 advisory. It was discovered that wpasupplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access...

6.5CVSS6.6AI score0.01476EPSS
Exploits0References2
OSV
OSV
added 2023/03/09 10:13 a.m.15 views

SUSE-SU-2023:0684-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralNameFixed bsc1207533. - CVE-2023-0215: Fixed a use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4304: Fixed a timing oracle in RSA decryption bsc1207534. The following...

7.5CVSS6.9AI score0.59501EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.5 views

SUSE CVE-2018-14526

An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

5.9CVSS6.9AI score0.01476EPSS
Exploits0References13
Rows per page
Query Builder