Lucene search
K

1530 matches found

RedHat Linux
RedHat Linux
added 9 hours ago3 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.8AI score0.00379EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added yesterday3 views

Linux Distros Unpatched Vulnerability : CVE-2026-8720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added yesterday4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility...

7.5CVSS5.8AI score0.00147EPSS
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-41896

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manualwebhooksecretgithub field, which is used by Coolify's webhook endpoints to validate incoming requests, is nullable with no default —...

7.5CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-41896

CVE-2026-41896 affects Coolify prior to 4.0.0-beta.474. The HMAC key used to validate webhook requests (manual_webhook_secret_github) is nullable with no default, so new apps have a null secret. PHP’s hash_hmac() coerces a null key to an empty string, causing the server to compute hash_hmac('sha2...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago21 views

CVE-2026-41896 Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manualwebhooksecretgithub field, which is used by Coolify's webhook endpoints to validate incoming requests, is nullable with no default —...

7.5CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS6AI score0.00129EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-52885 Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
NVD
NVD
added 5 days ago5 views

CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

0.00166EPSS
Exploits0References3
OSV
OSV
added 5 days ago2 views

UBUNTU-CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

5.8AI score0.00166EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-39837

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

5.9AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 5 days ago6 views

CVE-2026-53302

The CVE concerns the Linux kernel’s crypto/eip93 path. Specifically, eip93_hmac_setkey() creates a temporary ahash transform using a driver name (e.g., sha256-eip93) but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since EIP93 hash algorithms are inherently async, the loo...

5.9AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago12 views

PT-2026-52973

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.4 Description A Time-of-Check to Time-of-Use TOCTOU flaw exists in NppCommands.cpp. The application validates the HMAC of the shortcuts.xml file on disk when a user command is triggered, but it executes the...

7.5CVSS5.8AI score0.00129EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-52941

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the eip93 hmac setkey function where it incorrectly uses the CRYPTO ALG ASYNC mask when allocating a temporary ahash transform. Because EIP93 hash algorithms are...

5.8AI score0.00166EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:2627-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2627-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments...

7.4CVSS5.9AI score0.00379EPSS
Exploits4References13
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-6331

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

7.5CVSS5.8AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 6 days ago3 views

DEBIAN-CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS0.00111EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago23 views

CVE-2026-8720 HMAC-BLAKE2 final discards message when key length exceeds block size

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

5.9CVSS0.00111EPSS
Exploits0References2
Rows per page
Query Builder