
10 matches found

OSV
added 2026/05/28 11:16 p.m. | 8 views

UBUNTU-CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

CVSS 4.3 | AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 3

Packet Storm News
added 2026/04/11 12:0 a.m. | 2 views

Automatic Teller Machines for Offline E-Cash

Electronic cash (e-cash) is a digital alternative to physical currency that allows anonymous transactions between users and merchants. Typically, coins in an e-cash scheme are only dispensed through a central bank. A drawback of this approach is that the bank is always on the critical path during...

AI score 5.8
Exploits: 0

Github Security Blog
added 2026/03/26 9:37 p.m. | 7 views

OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals

Summary: Google Chat app-url webhook verification accepted add-on principals outside the intended deployment binding. Affected Packages / Versions: Package: openclaw (npm); Affected: = 2026.3.22; Latest released tag checked: v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87); Latest published...

CVSS 7.1 | AI score 5.8 | EPSS 0.00293
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/03/20 12:0 a.m. | 11 views

PT-2026-26788

Name of the Vulnerable Software and Affected Versions: Ory Hydra (affected versions not specified). Description: The Admin APIs – listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers – in Ory Hydra are susceptible to SQL injection due to flaws in the pagination...

CVSS 7.2 | AI score 6.2 | EPSS 0.00349
Exploits: 0 | References: 5

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 4 views

Malicious code in mastercard_ezaccess_for_issuers_api (npm)

The package mastercard_ezaccess_for_issuers_api was found to contain malicious code...

AI score 7
Exploits: 0

NVD
added 2025/07/02 12:15 p.m. | 6 views

CVE-2025-46647

A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to multiple issuers 3...

CVSS 5.3 | EPSS 0.00412
Exploits: 0 | References: 2

Cvelist
added 2024/01/16 9:35 p.m. | 18 views

CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

CVSS 3.3 | AI score 5.5 | EPSS 0.00428
Exploits: 1 | References: 2

ATTACKERKB
added 2022/07/29 10:15 a.m. | 1 views

CVE-2021-3601

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes:...

AI score 5.4
Exploits: 0 | References: 1

The Coalfire Blog
added 2018/06/26 5:37 p.m. | 23 views

The CMS Allows Health Plans to Host Their Own Enrollment Applications for Improved Consumer Experience

As part of the ongoing implementation of the Affordable Care Act (ACA), the Centers for Medicare and Medicaid Services (CMS) recently began permitting direct enrollment entities qualified health plan issuers and web-brokers to host their own enrollment applications on their websites instead of proxyi...

AI score 2.2
Exploits: 0

The Hacker Blog
added 2016/07/25 4:35 p.m. | 15 views

Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection

I recently decided to investigate the security of various certificate authority’s online certificate issuing systems. These online issuers allow certificate authorities to verify that someone owns a specific domain, such as thehackerblog.com and get a signed certificate so they can enable SSL/TLS...

AI score 7.2
Exploits: 0