Lucene search
+L

508 matches found

NVD
NVD
added 2026/05/20 4:16 p.m.16 views

CVE-2023-7346

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

4.1CVSS0.0014EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 2:13 p.m.6 views

CVE-2023-7346 Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

4.1CVSS5.8AI score0.0014EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 2:13 p.m.10 views

CVE-2023-7346

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

4.1CVSS5.8AI score0.0014EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/20 2:13 p.m.10 views

EUVD-2023-60577

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

4.1CVSS5.8AI score0.0014EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 2:13 p.m.41 views

CVE-2023-7346 Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

4.1CVSS0.0014EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 2:13 p.m.24 views

CVE-2023-7346

Technical details (affected versions, exploit methods, mitigations) are not publicly provided in the supplied documents. Monitor for updates from official sources.

4.1CVSS5.8AI score0.0014EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 12:47 p.m.13 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in mbedtls

There is a denial-of-service vulnerability in mbed TLS 3.0.0 and earlier versions, specifically in the mbedtlspkcs12derivation function, when the length of the input password is 0...

7.5CVSS6.3AI score0.02214EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed an error in nfsdautomount When mounting from an NFSv4 reference, path-dentry may end up being a negative dentry. Therefore, the struct nfsserver structure is derived from the dentry itself instead...

5.5CVSS5.9AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42182

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

4.1CVSS5.8AI score0.0014EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 9:6 a.m.53 views

Moderate: Red Hat Security Advisory: p11-kit security update

An update for p11-kit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS5.8AI score0.0116EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/12 3:9 p.m.13 views

sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)

In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token CI build logs, container env dumps...

9.1CVSS5.8AI score0.00326EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2026/05/12 10:16 a.m.22 views

CVE-2025-40946

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...

8.3CVSS0.00186EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:20 a.m.6 views

CVE-2025-40946

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...

8.3CVSS7.2AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 8:20 a.m.32 views

CVE-2025-40946

CVE-2025-40946 affects a wide range of blueplanet devices (NX3/TL3/TL3-S/TL3-GEN2, gridsafe, hybrid) across many models and versions. The root cause is a CRC16-based algorithm used to generate Technical Service credentials, which could enable an attacker to derive credentials from a device serial...

8.3CVSS7.2AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:20 a.m.13 views

CVE-2025-40946

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...

8.3CVSS5.7AI score0.00186EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.44 views

SUSE CVE-2026-43289

In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-39979

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...

8.3CVSS5.7AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29105

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 5:16 p.m.14 views

CVE-2026-33361

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS0.00167EPSS
Exploits0References2
Rows per page
Query Builder