CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

73 matches found

NVD•added 2026/05/07 3:16 p.m.•8 views

CVE-2026-32686

Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent e.g. Decimal.new"1e1000000000" is accepted without error. Subsequent cal...

6.9CVSS0.00029EPSS

Exploits0References4

CNNVD•added 2026/05/07 12:0 a.m.•3 views

Decimal 资源管理错误漏洞

Decimal is a arbitrary-precision decimal arithmetic library developed by Eric Meadows-Jönsson. In versions 0.1.0 to 3.0.0 of Decimal, there was a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the parsed exponents, which could lead to unauthorized...

6.9CVSS5.8AI score0.00029EPSS

Exploits0References2

Positive Technologies•added 2026/05/07 12:0 a.m.•7 views

PT-2026-38441

Name of the Vulnerable Software and Affected Versions ericmj decimal versions 0.1.0 through 2.x Description Uncontrolled Resource Consumption allows unauthenticated remote Denial of Service. The library does not bound the exponent on parsed input, meaning a decimal with an excessively large...

6.9CVSS5.8AI score0.00029EPSS

Exploits0References10

OSV•added 2026/03/23 6:30 a.m.•4 views

GHSA-8QWJ-4JXW-M8JW jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.9AI score0.00078EPSS

Exploits1References6

EUVD•added 2026/03/23 6:30 a.m.•4 views

EUVD-2026-14379

8.7CVSS5.8AI score0.00078EPSS

Exploits1References5

Github Security Blog•added 2026/03/23 6:30 a.m.•3 views

jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass

8.7CVSS5.9AI score0.00078EPSS

Exploits1References6Affected Software1

OSV•added 2026/03/23 6:16 a.m.•1 views

CVE-2026-4602

8.7CVSS5.9AI score

Exploits0References4

NVD•added 2026/03/23 6:16 a.m.•1 views

CVE-2026-4602

8.7CVSS0.00078EPSS

Exploits1References4

ATTACKERKB•added 2026/03/23 5:0 a.m.•1 views

CVE-2026-4602

8.7CVSS5.8AI score0.00078EPSS

Exploits1References5

Cvelist•added 2026/03/23 5:0 a.m.•22 views

CVE-2026-4602

8.7CVSS0.00078EPSS

Exploits1References4

CVE•added 2026/03/23 5:0 a.m.•9 views

CVE-2026-4602

CVE-2026-4602 affects the npm package jsrsasign prior to 11.1.1. The root cause is incorrect conversion between numeric types due to handling negative exponents in ext/jsbn2.js, which can cause modPow with a negative exponent and lead to incorrect modular inverses and broken signature verificatio...

8.7CVSS5.8AI score0.00078EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/03/23 5:0 a.m.•2 views

CVE-2026-4602

8.7CVSS5.8AI score0.00078EPSS

Exploits1References4

Positive Technologies•added 2026/03/23 12:0 a.m.•2 views

PT-2026-27058

8.7CVSS5.8AI score0.00078EPSS

Exploits1References5

CNNVD•added 2026/03/23 12:0 a.m.•3 views

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from numerical type conversion errors during the handling of negative exponents in the ext/jsbn2.js file, which could...

8.7CVSS5.8AI score0.00078EPSS

Exploits1References5

Snyk•added 2026/02/21 2:3 a.m.•1 views

Incorrect Conversion between Numeric Types

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break...

8.7CVSS5.8AI score0.00078EPSS

Exploits1References2

Snyk•added 2026/02/21 2:3 a.m.•1 views

Incorrect Conversion between Numeric Types

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverse...

8.7CVSS5.9AI score0.00078EPSS

Exploits1References2

Packet Storm News•added 2026/01/30 12:0 a.m.•2 views

Secure Integrated Sensing and Communication against Communication and Sensing Eavesdropping

Sensing privacy and communication confidentiality play fundamentally different but interconnected roles in adversarial wireless environments. Capturing this interplay within a single physical-layer framework is particularly challenging in integrated sensing and communication ISAC systems, where t...

5.4AI score

Exploits0

Tenable Nessus•added 2026/01/16 12:0 a.m.•4 views

openSUSE 16 Security Update : haproxy (openSUSE-SU-2026:20032-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20032-1 advisory. - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents bsc1250983. Tenab...

7.5CVSS7.1AI score0.00468EPSS

Exploits0References3

OSV•added 2026/01/14 10:57 a.m.•1 views

SUSE-SU-2026:20092-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents bsc1250983...

7.5CVSS5.8AI score0.00468EPSS

Exploits0References3

OSV•added 2026/01/14 10:55 a.m.•2 views

SUSE-SU-2026:20094-1 Security update for haproxy

7.5CVSS5.8AI score0.00468EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by