CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 6 days ago•7 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00019EPSS

RedHat Linux•added 6 days ago•7 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

5.8AI score0.00019EPSS

Fedora•added 2026/05/27 12:53 a.m.•6 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.20-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.3CVSS5.8AI score0.00016EPSS

Exploits0

ATTACKERKB•added 2026/05/25 8:19 p.m.•5 views

CVE-2026-48852

PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...

3.7CVSS5.8AI score0.00054EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2026/05/23 1:29 a.m.•10 views

SUSE CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.00088EPSS

ATTACKERKB•added 2026/05/22 2:31 a.m.•3 views

CVE-2026-39829

5.8AI score0.00088EPSS

Exploits0References6

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: IMA: Do not clear the IMADIGSIG flag when setting or removing non-IMA xattr. Currently, when both IMA and EVM are in “fix” mode, the IMA signature will be reset to the IMA hash if a program first stores the IMA signature in...

5.8AI score0.00019EPSS

CNNVD•added 2026/05/20 12:0 a.m.•5 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from malicious network peer nodes publishing specially crafted Kademlia DHT records where the length of the signature field is...

7.5CVSS5.8AI score0.00026EPSS

RedHat Linux•added 2026/05/18 12:24 p.m.•11 views

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

6.3CVSS5.8AI score0.00013EPSS

EUVD•added 2026/05/16 12:31 a.m.•6 views

EUVD-2026-30668

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

5.8AI score0.00012EPSS

CVE•added 2026/05/15 10:18 p.m.•11 views

CVE-2026-8704

CVE-2026-8704 affects Crypt::DSA for Perl, version up to 1.19, where the 2-argument open function can allow existing files to be modified. This is the underlying root cause described across multiple sources. A fixed version is indicated as later than 1.19 (e.g., 1.20 per release notes), with reme...

6.5CVSS5.8AI score0.00012EPSS

CVE•added 2026/05/15 10:10 p.m.•13 views

CVE-2026-8700

CVE-2026-8700 concerns Crypt::DSA for Perl, where seeds are generated with Perl’s built-in rand. The affected components are Crypt::DSA versions before 1.20. The root cause is the use of a non-cryptographically secure RNG, making seeds predictable for security-sensitive operations. This can under...

7.3CVSS5.8AI score0.00016EPSS

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Crypt::DSA 安全漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to 1.19 contained security vulnerabilities; these vulnerabilities stemmed from the use of the 2-args open...

6.5CVSS5.8AI score0.00012EPSS

OSV•added 2026/05/08 5:46 a.m.•3 views

BIT-JRE-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS5.8AI score0.00071EPSS

Exploits0References4

Positive Technologies•added 2026/05/06 12:0 a.m.•1 views

PT-2026-38031

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS7.2AI score0.00071EPSS