1487 matches found
CVE-2026-22782
RustFS (RustFS) vulnerability CVE-2026-22782: an invalid RPC signature path in crates/ecstore/src/rpc/http_auth.rs logs the shared HMAC secret and the expected_signature for any invalidly signed request, exposing the secret to log readers and enabling forged RPC calls. Affected versions are 1.0.0...
MiracleLinux 7 : gnutls-3.3.29-8.el7 (AXSA:2019-3543:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3543:01 advisory. gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844). gnutls: HMAC-SHA-384 vulnerable to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001159)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001159 advisory. The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a loc...
SUSE CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in name_size. 'name_size' does not have any range checks, and it just directly indexes with TPM_ALG_ID, which could lead into memory corruption at worst. Address the issue by only processing...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003094)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003094 advisory. The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003406)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003406 advisory. The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a loc...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002454)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002454 advisory. The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to...
EUVD-2026-2018
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorith...
MiracleLinux 9 : python3.12-cryptography-41.0.7-2.el9_6.1 (AXSA:2025-10844:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10844:02 advisory. python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an...
MiracleLinux 9 : krb5-1.21.1-8.el9_6 (AXSA:2025-10565:05)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10565:05 advisory. krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions (CVE-2025-3576). Tenable has extracted the preceding descriptio...
PT-2026-3260
Name of the Vulnerable Software and Affected Versions: RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79. Description: RustFS is a distributed object storage system built in Rust. Invalid RPC signatures cause the server to log the shared HMAC secret and the expected signature. This exposes the...
CVE-2011-0910
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...
CVE-2021-41106
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...
CVE-2019-16143
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes...
PT-2026-28320
Name of the Vulnerable Software and Affected Versions: Node.js versions 20.x through 25.x. Description: An incomplete fix allows bypassing of intended write restrictions when using the Permission Model with restricted --allow-fs-write. Specifically, the FileHandle.chmod and FileHandle.chown methods...
CVE-2023-53951
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...
CVE-2023-53951
CVE-2023-53951 concerns Ever Gauzy v0.281.9, where a weak HMAC secret in the JWT authentication implementation allows forging tokens to authenticate with administrative permissions. The vulnerability is evidenced across multiple sources (including Red Hat, NVD/CNNVD-type records, CIRCL sightings,...
EUVD-2025-204596
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions...