Lucene search
K

100 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5298 Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList in github.com/google/go-attestation...

5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 12:49 a.m.30 views

CVE-2026-12681

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS0.00191EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 12:49 a.m.17 views

CVE-2026-12681

Summary: CVE-2026-12681 affects Google go-attestation prior to 0.6.1. The issue arises in parseEfiSignatureList(): the buffer is not advanced past vendor bytes before reading entries, enabling attacker-controlled vendor header bytes to be appended to the trusted SHA256 hash list. A crafted TPM ev...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:47 p.m.7 views

CVE-2026-50034

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values...

7.1CVSS5.2AI score0.00145EPSS
Exploits0References5
CVE
CVE
added 2026/05/13 8:18 p.m.21 views

CVE-2026-44368

CVE-2026-44368 affects PyQuorum prior to 0.2.1, where the mul_mod function uses a binary expansion loop whose runtime depends on the Hamming weight of the exponent. An attacker who can measure secret-sharing operation timing could progressively recover share values, potentially reconstruing the s...

6.9CVSS6AI score0.00314EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.1 views

Enhanced Security in Quantum Token Protocols Using Hybrid Spin-Photon Interfaces

Quantum token protocols enable unforgeable quantum tokens promising unconditional security beyond classical cryptographic assumptions. We show here that the three stages of the Quantum token protocols involving the preparation, storage and verification can be made more secure when involving...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.3 views

CVE-2026-28464

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

8.2CVSS5.8AI score0.00386EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/04 8:43 p.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the use of SHA1 PCRs when sealing and unsealing the vault key. An attacker can bypass integrity checks and modify configuration files undetected by measured boot and remote attestation by...

8.8CVSS8AI score0.00107EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.5 views

Eclipse Attacks on Ethereum'S Peer-To-Peer Network

Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin SP'15, SP'20, CCS'21, SP'23 and Monero NDSS'25, but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge settings. We...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/07 12:0 a.m.8 views

Large Language Models for Detecting Cyberattacks on Smart Grid Protective Relays

This paper presents a large language model LLM-based framework for detecting cyberattacks on transformer current differential relays TCDRs, which, if undetected, may trigger false tripping of critical transformers. The proposed approach adapts and fine-tunes compact LLMs such as DistilBERT to...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2025/12/24 12:9 p.m.8 views

CVE-2025-68740

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...

5.3AI score0.00189EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.4 views

PT-2025-53006

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the Integrity Measurement Architecture IMA subsystem. Specifically, the ima match rules function incorrectly handles error codes returned by ima...

4.6CVSS6.4AI score0.00189EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/03 10:46 p.m.4 views

CVE-2025-12357

By manipulating the Signal Level Attenuation Characterization SLAC protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close...

6.3CVSS6.8AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 6:31 p.m.2 views

EUVD-2025-37371

By manipulating the Signal Level Attenuation Characterization SLAC protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close...

8.3CVSS6.4AI score0.00234EPSS
Exploits0References4
NVD
NVD
added 2025/10/31 4:15 p.m.5 views

CVE-2025-12357

By manipulating the Signal Level Attenuation Characterization SLAC protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close...

6.3CVSS0.00234EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/31 3:33 p.m.2 views

CVE-2025-12357 International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints

By manipulating the Signal Level Attenuation Characterization SLAC protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close...

6.3CVSS6.5AI score0.00234EPSS
Exploits0References3
CVE
CVE
added 2025/10/31 3:33 p.m.11 views

CVE-2025-12357

CVE-2025-12357 concerns the SLAC protocol used in ISO 15118-2-compliant EV charging systems. The Red Hat/NVD/EUVD entries describe that an attacker can manipulate SLAC measurements to perform a man-in-the-middle between an electric vehicle and the charging station, potentially enabling wireless M...

6.3CVSS6.5AI score0.00234EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/31 3:33 p.m.9 views

CVE-2025-12357 International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints

By manipulating the Signal Level Attenuation Characterization SLAC protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close...

6.3CVSS0.00234EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.4 views

Post-Quantum Cryptography and Quantum-Safe Security: A Comprehensive Survey

Post-quantum cryptography PQC is moving from evaluation to deployment as NIST finalizes standards for ML-KEM, ML-DSA, and SLH-DSA. This survey maps the space from foundations to practice. We first develop a taxonomy across lattice-, code-, hash-, multivariate-, isogeny-, and MPC-in-the-Head...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8899

Malware in sbrugna...

10CVSS9.5AI score0.00836EPSS
Exploits0References3
Rows per page
Query Builder