Lucene search
K

48765 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 12:4 a.m.7 views

CVE-2026-53057

A flaw was found in the Linux kernel, specifically within the Input/Output Memory Management Unit IOMMU for RISC-V architectures. This vulnerability occurs because the system does not properly clear out old memory translation information, known as Translation Lookaside Buffer TLB and context cach...

8.8CVSS5.9AI score0.00127EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52991

Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP Camera affected versions not specified Description Certificate-related upload interfaces allow authenticated users to store arbitrary file content in fixed, persistent filesystem locations. The system fails to validate the...

8.6CVSS5.9AI score0.004EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 10:17 p.m.7 views

CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6.5CVSS0.0016EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:17 p.m.2 views

DEBIAN-CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 9:2 p.m.15 views

CVE-2026-6329

CVE-2026-6329 describes a vulnerability in PKCS#12 MAC verification in wolfSSL where the verification uses an attacker-controlled comparison length. The PKCS#12 verify path compares the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from atta...

6.5CVSS5.9AI score0.0016EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:2 p.m.29 views

CVE-2026-6329 PKCS#12 MAC verification uses attacker-controlled comparison length

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6CVSS0.0016EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:2 p.m.6 views

CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6CVSS5.9AI score0.0016EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 9:2 p.m.4 views

CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6.5CVSS5.8AI score0.0016EPSS
Exploits0
NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-50573

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

8.1CVSS0.00113EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-50021

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

8.1CVSS0.00126EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.6 views

keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:17 p.m.9 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS0.00267EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/25 5:2 p.m.6 views

CVE-2026-57062

A flaw in GnuPG's gpgsm component improperly handles the Cryptographic Message Syntax CMS format for AES-GCM. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of...

2.9CVSS5.7AI score0.0011EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 4:50 p.m.29 views

CVE-2026-50573 pnpm: Unsafe default behavior breaks integrity check

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

6.8CVSS0.00113EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:50 p.m.17 views

CVE-2026-50573

Summary: CVE-2026-50573 affects pnpm prior to 10.34.0 and 11.4.0. In non-frozen mode, when a locked package’s integrity conflicts with later registry content, pnpm may report an integrity mismatch but then perform a resolution repair, update the lockfile with the registry’s new integrity, and ins...

8.1CVSS5.9AI score0.00113EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:48 p.m.31 views

CVE-2026-50021 pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

6.8CVSS0.00126EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 4:48 p.m.22 views

CVE-2026-50021

pnpm has an integrity check bypass when the integrity field is missing from the lockfile. Concrete details from the connected docs show that prior to versions 10.34.0 and 11.4.0, pnpm’s tarball extraction worker skips tarball hash verification if integrity is undefined, allowing an attacker who c...

8.1CVSS5.9AI score0.00126EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/25 4:17 p.m.5 views

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:17 p.m.37 views

CVE-2026-9705 Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS0.00267EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 4:16 p.m.8 views

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...

8.6CVSS0.01191EPSS
Exploits0References1
Rows per page
Query Builder