Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/19 8:47 p.m.6 views

Insufficient Verification of Data Authenticity

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity...

9.1CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/05/26 6:16 p.m.13 views

CVE-2026-41164

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

4.4CVSS0.00076EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:43 p.m.47 views

GHSA-HFCF-V2F8-X9PC bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass

Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References6
OSV
OSV
added 2022/08/22 3:15 p.m.2 views

UBUNTU-CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

4.7CVSS7.1AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2017/11/22 6:29 p.m.4 views

CVE-2017-15528

Prior to v 7.6, the Install Norton Security INS product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target...

3.7CVSS5.7AI score0.00614EPSS
Exploits0References3
OSV
OSV
added 2005/01/10 5:0 a.m.3 views

DEBIAN-CVE-2004-1224

Off-by-one error in the mtrcurseskeyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator...

4.6CVSS6.8AI score0.00333EPSS
Exploits0References1
Rows per page
Query Builder