EUVD-2026-18146

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...

CVE-2026-25641 SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

DEBIAN-CVE-2024-26130

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...

PT-2024-3052

Name of the Vulnerable Software and Affected Versions cryptography versions 38.0.0 through 42.0.3 Description The issue is related to the pkcs12.serialize key and certificates function in the cryptography package for Python. If this function is called with a certificate whose public key does not...

Input validation

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...