55 matches found
CVE-2026-53302
A flaw was found in the Linux kernel's cryptographic module, specifically within the EIP93 hardware accelerator driver. An error in how the system allocates resources for HMAC Keyed-Hash Message Authentication Code operations can lead to a critical system failure. When certain cryptographic...
PT-2026-52604
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the EVP DigestVerifyFinal function where a zero-length tag could be accepted as valid during HMAC Hash-based Message Authentication Code...
CVE-2026-46545 nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state...
CVE-2026-46545
Summary: CVE-2026-46545 affects the Nimiq core-rs-albatross project (MerkleRadixTrie::put_chunk) and causes a remote, unauthenticated denial-of-service by a malicious state-sync peer sending a ROOT-keyed item in a ResponseChunk; upon put_raw attempting to store at the root, it panics with RootCan...
CVE-2026-46545 nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state...
CVE-2026-46444
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...
GHSA-G8WJ-3CR3-6W7V Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...
[SECURITY] Fedora 43 Update: fontforge-20230101-20.fc43
FontForge former PfaEdit is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts...
[SECURITY] Fedora 42 Update: fontforge-20230101-19.fc42
FontForge former PfaEdit is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts...
CVE-2026-3119
Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....
Malicious Package
Overview @rexxtheproject/keyed-db is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-2165 Malicious code in @rexxtheproject/keyed-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa8d0778ab610c5b6e2320997c2427bf9e6295b93fe16ae478096953c1de9b34 The package @rexxtheproject/keyed-db was found to contain malicious code. Source: ghsa-malware...
Malicious code in @rexxtheproject/keyed-db (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa8d0778ab610c5b6e2320997c2427bf9e6295b93fe16ae478096953c1de9b34 The package @rexxtheproject/keyed-db was found to contain malicious code. Source: ghsa-malware...
[SECURITY] Fedora 42 Update: fontforge-20230101-17.fc42
FontForge former PfaEdit is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts...
CVE-2017-5378
creationtimestamp| type| source ---|---|--- 2025-09-26 05:00:00+00:00| seen| https://projectzero.google/2025/09/pointer-leaks-through-pointer-keyed.html 2025-09-26 15:00:00+00:00| seen| https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html...
CVE-2016-9904
creationtimestamp| type| source ---|---|--- 2025-09-26 05:00:00+00:00| seen| https://projectzero.google/2025/09/pointer-leaks-through-pointer-keyed.html 2025-09-26 15:00:00+00:00| seen| https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html...
Malicious code in test-mlw2-keyed-egers (npm)
The package test-mlw2-keyed-egers was found to contain malicious code...
MAL-2025-35617 Malicious code in test-mlw2-keyed-egers (npm)
The package test-mlw2-keyed-egers was found to contain malicious code...
Malleability-Resistant Encrypted Control System with Disturbance Compensation and Real-Time Attack Detection
This study proposes an encrypted PID control system with a disturbance observer DOB using a keyed-homomorphic encryption KHE scheme, aiming to achieve control performance while providing resistance to malleability-based attacks. The controller integrates a DOB with a PID structure to compensate f...
DEBIAN-CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may allow an invalid HMAC to be accepted by the Booth server...