Lucene search
K

110 matches found

Cvelist
Cvelist
added 6 days ago20 views

CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS0.00074EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-6412

Technical details about CVE-2026-6412 are not publicly available in the provided documents. Monitor for updates from the cited sources (WolfSSL, NVD, Debian tracker, CVE List, OSV, EUVD, etc.).

4.3CVSS5.8AI score0.00074EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.11 views

Squid < 7.6 Heap-based Buffer Overflow

The version of Squid on the remote host is prior to 7.6. It is, therefore, affected by a heap-based buffer overflow vulnerability: - Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49606

Name of the Vulnerable Software and Affected Versions squid-cache Squid affected versions not specified Description A heap-based buffer overflow occurs during the processing of cache digests. A heap-based buffer overflow is a memory corruption issue where a program writes more data to a buffer...

6.4AI score
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:6 a.m.6 views

crypto: authencesn - reject short ahash digests during instance creation

...

7.3CVSS5.4AI score0.00129EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.11 views

Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks

Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:56 p.m.6 views

CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

5.7AI score0.00129EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/27 12:56 p.m.31 views

CVE-2026-46033

The CVE-2026-46033 issue in the Linux kernel crypto/authencesn was fixed: authenc ESN paths require either a zero authsize or an authsize of at least 4 bytes, but a later path could copy digestsize into inst-&gt;alg.maxauthsize without validation, allowing ahash digests of 1–3 bytes (e.g., cbcmac...

7.1CVSS5.8AI score0.00129EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.12 views

CVE-2026-46033

crypto: authencesn - reject short ahash digests during instance creation...

5.8AI score0.00129EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 1:45 p.m.9 views

MAL-2026-4677 Malicious code in swift-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/07 9:40 a.m.31 views

CVE-2026-43859

A flaw was found in mutt, an email client, where it mishandles cryptographic digests used for IMAP Internet Message Access Protocol authentication. This incorrect handling could lead to a low integrity impact, potentially allowing a remote attacker to subtly affect the authentication process...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-49605

Name of the Vulnerable Software and Affected Versions Squid versions prior to 7.6 Description A memory leak issue known as Squidbleed exists in the Squid web proxy. The flaw originates from a 1997 code change in the FTP directory-listing parser, where a misunderstanding of how the strchr function...

6.8CVSS5.9AI score
Exploits1References71
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-5194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant ke...

9.3CVSS7AI score0.00468EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/09 9:7 p.m.4 views

Improper Certificate Validation

Overview wolfssl is a None Affected versions of this package are vulnerable to Improper Certificate Validation. due to missing hash/digest size and OID checks in the certificate verification process. An attacker can bypass signature verification by providing digests smaller than allowed when...

9.9CVSS6.6AI score0.00468EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/09 7:30 p.m.24 views

CVE-2026-5194 wolfSSL ECDSA Certificate Verification

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

9.3CVSS0.00468EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/05 2:10 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the verifyBlob in the Model Pull API that improperly verifies manifest containing both config and layer digests. An attacker can access internal resources or services by sending crafted requests...

6.5CVSS6.6AI score0.00288EPSS
Exploits2References2
OSV
OSV
added 2025/12/04 5:24 p.m.11 views

GHSA-2CGV-28VR-RV6J libcrux incorrectly calculates on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

8.8CVSS5.8AI score
Exploits0References5
RustSec
RustSec
added 2025/12/04 12:0 p.m.8 views

Incorrect calculation on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

7AI score
Exploits0Affected Software1
OSV
OSV
added 2025/11/22 12:15 a.m.4 views

DEBIAN-CVE-2025-12889

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

5.4CVSS5.2AI score0.00127EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/11/21 11:6 p.m.4 views

CVE-2025-12889

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

5.4CVSS6.8AI score0.00127EPSS
Exploits0
Rows per page
Query Builder