Lucene search

187 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. | 2 views

PT-2026-37824

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 7.2 | EPSS 0.00071
Exploits: 0 | References: 5

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in node-elliptic

The verify function in lib/elliptic/eddsa/index.js within the Elliptic package, as of version 6.5.6 for Node.js, omits the validation of the condition “sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()”...

CVSS 9.1 | AI score 6.3 | EPSS 0.00292
Exploits: 0 | References: 2

Snyk
added 2026/04/09 9:7 p.m. | 3 views

Improper Certificate Validation

Overview: wolfssl. Affected versions of this package are vulnerable to Improper Certificate Validation due to missing hash/digest size and OID checks in the certificate verification process. An attacker can bypass signature verification by providing digests smaller than allowed when...

CVSS 9.9 | AI score 6.6 | EPSS 0.00019
Exploits: 1 | References: 2

OSV
added 2026/04/09 8:16 p.m. | 1 view

UBUNTU-CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

CVSS 9.3 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 3

Debian CVE
added 2026/04/09 7:30 p.m. | 3 views

CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

CVSS 9.3 | AI score 7.5 | EPSS 0.00019
Exploits: 1

CVE
added 2026/04/09 7:30 p.m. | 128 views

CVE-2026-5194

The CVE-2026-5194 issue concerns wolfSSL’s ECDSA certificate verification: missing hash/digest size and OID checks may allow digests smaller than allowed for the given key type to pass verification when EdDSA or ML-DSA is enabled. This could reduce security of ECDSA certificate-based authenticati...

CVSS 9.3 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/03/22 1:16 p.m. | 10 views

CVE-2026-4115

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

CVSS 6.3 | EPSS 0.00013
Exploits: 1 | References: 9

OSV
added 2026/03/22 1:16 p.m. | 1 view

UBUNTU-CVE-2026-4115

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

CVSS 6.3 | AI score 5.2 | EPSS 0.00013
Exploits: 1 | References: 10

CVE
added 2026/03/22 12:15 p.m. | 18 views

CVE-2026-4115

PuTTY 0.83 is affected by CVE-2026-4115 in the Ed25519 Signature Handler (eddsa_verify in crypto/ecc-ssh.c). The vulnerability causes improper verification of cryptographic signatures. Exploitation may be performed remotely, but the attack is described as high complexity with low exploitability. ...

CVSS 6.3 | AI score 5.1 | EPSS 0.00013
Exploits: 1 | References: 9 | Affected Software: 1

Vulnrichment
added 2026/03/22 12:15 p.m. | 1 view

CVE-2026-4115 PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

CVSS 6.3 | AI score 5.1 | EPSS 0.00013
Exploits: 1 | References: 8

AlpineLinux
added 2026/03/22 12:15 p.m. | 0 views

CVE-2026-4115

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

CVSS 6.3 | AI score 4 | EPSS 0.00013
Exploits: 1 | References: 9

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : bind-9.16.23-1.el9.1 (AXSA:2022-4081:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4081:05 advisory. bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly CVE-2022-3080 bind: memory leak in...

CVSS 7.5 | AI score 8.1 | EPSS 0.01421
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : bind-9.11.36-3.el8.1 (AXSA:2022-3874:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3874:03 advisory. bind: memory leak in ECDSA DNSSEC verification code CVE-2022-38177 bind: memory leaks in EdDSA DNSSEC verification code CVE-2022-38178 Tenable has...

CVSS 7.5 | AI score 8.2 | EPSS 0.01421
Exploits: 0 | References: 3

OSV
added 2025/10/30 3:2 p.m. | 1 view

GO-2025-4027 Gnark-crypto doesn't range check input values during ECDSA and EdDSA deserialization in github.com/consensys/gnark-crypto

Gnark-crypto doesn't range check input values during ECDSA and EdDSA deserialization in github.com/consensys/gnark-crypto...

CVSS 9.8 | AI score 7.1 | EPSS 0.00223
Exploits: 0 | References: 5

OSV
added 2025/10/15 6:57 p.m. | 2 views

GHSA-FR8M-434R-G3XP gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization

Impact: During deserialization of ECDSA and EdDSA signatures, gnark-crypto did not check that the values are in the range [1, n-1], with n being the corresponding modulus (either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA). As this also...

CVSS 5.1 | AI score 6.8 | EPSS 0.00223
Exploits: 0 | References: 6

GitLab Advisory Database
added 2025/10/15 12:0 a.m. | 17 views

gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization

During deserialization of ECDSA and EdDSA signatures, gnark-crypto did not check that the values are in the range [1, n-1], with n being the corresponding modulus (either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA). As this also allowed zer...

CVSS 9.8 | AI score 8.4 | EPSS 0.00223
Exploits: 0 | References: 7 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-18457

Malware in sbrugna...

CVSS 5.9 | AI score 6.1 | EPSS 0.00651
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-15063

Malicious code in bioql PyPI...

CVSS 1 | AI score 6.6 | EPSS 0.00327
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-40774

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.01421
Exploits: 0 | References: 25

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-2485

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00223
Exploits: 0 | References: 6