Gitsign 输入验证错误漏洞

Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign from 0.4.0 to 0.15.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the CertVerifier.Verify method, which...

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

CVE-2026-31491

A flaw was found in the Linux kernel's RDMA/irdma component. A local attacker could exploit an integer overflow and truncation vulnerability when the operating system passes a maximum unsigned 32-bit integer U32MAX for SQ/RQ/SRQ size. This can lead to the system incorrectly reporting a successful...

CVE-2026-35339

The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...

CVE-2026-40069

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...

CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

UBUNTU-CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

EUVD-2007-0008

Malware in sbrugna...

SUSE CVE-2006-5170

pamldap in nssldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pamauthenticate function to return a success cod...

executing instruction outside code can lead to failing transfer

Handle Omik Vulnerability details Impact in the , is handling transfer and transferfrom, and checking the return value of the transfer and transferfrom, but the checking is happening outside the code, therefore if the transfer successfull it will still return false Proof of Concept 1. deploy this...

CVE-2007-0004

The NFS client implementation in the kernel in Red Hat Enterprise Linux RHEL 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfspermission mode bits data rather than an NFS ACCESS call to the server, which allows local client processes to...