Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

70 matches found

CVE
CVEadded yesterday4 views

CVE-2026-56232

Capgo is affected: before version 12.128.2, the system does not enforce limited_to_orgs and limited_to_apps on subkeys supplied via the x-limited-key-id header in the middlewareKey function. This allows attackers to reference their own subkeys and bypass subkey scope restrictions, causing downstr...

8.8CVSS5.9AI score
Exploits0References2
NVD
NVDadded 3 days ago6 views

CVE-2026-56306

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4CVSS0.00251EPSS
Exploits0References2
CVE
CVEadded 3 days ago7 views

CVE-2026-56306

Capgo before 12.128.2 contains a parsing vulnerability in the x-limited-key-id header that can bypass subkey enforcement and let attackers make requests under the main API key context instead of restricted subkey permissions. The issue arises from malformed, zero, or duplicate header values produ...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References2
EUVD
EUVDadded 3 days ago6 views

EUVD-2026-38369

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References2
Cvelist
Cvelistadded 3 days ago17 views

CVE-2026-56306 Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4CVSS0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 3 days ago3 views

CVE-2026-56306

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References3
AstraLinux
AstraLinuxadded 6 days ago5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys – prevented overflow in asymmetrickeygenerateid. Use checkaddoverflow to prevent potential integer overflows when adding the lengths of binary blobs and the size of an asymmetrickeyid structure. Return...

6.1AI score0.00154EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2026/06/17 6:53 a.m.4 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.7AI score0.00154EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/06/11 11:46 a.m.6 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.6AI score0.00154EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.8 views

pyjwt 安全漏洞

pyjwt is a Python library developed by José Padilla from the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Prior to version 2.13.0, pyjwt had a security vulnerability. This vulnerability stemmed from the function PyJWKClient.getsigningkey, which forced each JWT...

3.7CVSS5.8AI score0.00222EPSS
Exploits0References1
OSV
OSVadded 2026/05/06 12:0 p.m.12 views

RLSA-2026:13577 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme: avoid double free special payload CVE-2024-41073 kernel: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend CVE-2025-40252 kernel: crypto: asymmetricke...

8.1CVSS5.9AI score0.96775EPSS
Exploits228References7
OSV
OSVadded 2026/03/20 6:19 p.m.4 views

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS5.8AI score0.00248EPSS
Exploits0References6
Snyk
Snykadded 2026/03/20 8:43 a.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the deleteapikeyroute endpoint. An attacker can delete API keys belonging to other users by providing the apikeyid of a key they do not own. Remediation Upgrade langflow-base to versio...

9.6CVSS5.8AI score0.0039EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/01/09 12:40 p.m.3 views

CVE-2023-43784

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...

7.5CVSS6.9AI score0.00473EPSS
Exploits0References1
Microsoft CVE
Microsoft CVEadded 2025/12/25 9:5 a.m.3 views

crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

...

5.5CVSS5.4AI score0.00154EPSS
Exploits0
OSV
OSVadded 2025/12/24 11:16 a.m.2 views

UBUNTU-CVE-2025-68724

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

6.1AI score0.00154EPSS
Exploits0References36
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2015-0851

Malware in sbrugna...

8.1CVSS7.9AI score0.06296EPSS
Exploits0References11
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2007-3193

Malware in sbrugna...

7.1CVSS6.4AI score0.02712EPSS
Exploits1References7
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-55509

Malicious code in bioql PyPI...

6.3AI score0.0015EPSS
Exploits0References8
EUVD
EUVDadded 2025/10/03 8:7 p.m.7 views

EUVD-2022-1387

Malicious code in bioql PyPI...

9.1CVSS8.9AI score0.00777EPSS
Exploits1References5
Rows per page
Query Builder