1072 matches found
CVE-2026-49230
Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...
EUVD-2026-38019
Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...
MAL-2026-5740 Malicious code in 2fa-exe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...
GHSA-GV7W-RQVM-QJHR Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
Withdrawn Advisory This advisory has been withdrawn because the affected package was incorrectly identified and the actual affected package is not in a supported ecosystem. This link is maintained to preserve external references. Original Description Summary The esbuild Deno module lib/deno/mod.t...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value when processing cipher and tag-length fields of CMS AuthEnvelopedData containers. An attacker can bypass message integrity via replay attack. A non AEAD cipher is permitted in...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in PBMAC1PBKDF2HMAC. A user can craft an unencrypted PKCS12 file that uses PBMAC1 authentication specifying a one-byte HMAC key, causing a service that authenticates incoming files by passwor...
RDMA/rxe: Reject unknown opcodes before ICRC processing
...
SUSE CVE-2026-46193
In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...
Linux Distros Unpatched Vulnerability : CVE-2026-46193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends...
CVE-2026-9037
The CVE-2026-9037 issue affects the XCharge C6 charging controller’s firmware update mechanism. The firmware update process does not validate the authenticity of firmware packages delivered via the device management interface, because cryptographic signatures are not verified. An attacker with ac...
CVE-2026-9037 Download of code without integrity check in XCharge C6
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...
CVE-2026-46193
In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...
CVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processing
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 "RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv", a single unauthenticated UDP packet can still trigger panic. That pat...
CVE-2026-46133
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 "RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv", a single unauthenticated UDP packet can still trigger panic. That pat...
RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
...
SUSE CVE-2026-46043
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv rxercv currently checks only that the incoming packet is at least headersizepkt bytes long before payloadsize is used. However, payloadsize subtracts both the...
CVE-2026-46043
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv rxercv currently checks only that the incoming packet is at least headersizepkt bytes long before payloadsize is used. However, payloadsize subtracts both the...
EUVD-2026-32425
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv rxercv currently checks only that the incoming packet is at least headersizepkt bytes long before payloadsize is used. However, payloadsize subtracts both the...
MAL-2026-4544 Malicious code in cwao (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48b0fefe9d99bcebeaa878f5bb2ca40df917b40785d6b5b8a31cf6e70a44970 package.json declares "preinstall": "./vendor/setup", which directly executes a 976,568-byte packed Linux x86 ELF binary shipped in the tarball. The...
Malicious code in weavedb-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886f22636b5e4726978e23b10a4311fb7e65c2b10003da72429348fa617884d1 package.json declares "preinstall": "./vendor/setup", which runs a 976KB packed Linux x86 ELF binary sha256...