Lucene search
+L

181 matches found

Vulnrichment
Vulnrichment
added 2026/04/30 8:17 p.m.10 views

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS5.9AI score0.00225EPSS
Exploits0References4
CVE
CVE
added 2026/04/30 8:17 p.m.24 views

CVE-2026-28532

FRRouting before 10.5.3 is affected by an integer overflow in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16_t accumulator truncates uint32_t values returned by TLV_SIZE(), causing the loop termination condition to fail while pointer advancement continues. An at...

6.5CVSS5.3AI score0.00225EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/30 8:17 p.m.9 views

EUVD-2026-26418

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS5.3AI score0.00225EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/30 8:17 p.m.26 views

CVE-2026-28532

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS5.9AI score0.00225EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/30 8:17 p.m.6 views

CVE-2026-28532

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS5.4AI score0.00225EPSS
Exploits0References5
OSV
OSV
added 2026/04/30 8:17 p.m.4 views

CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6CVSS6AI score0.00225EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.21 views

PT-2026-36172

Name of the Vulnerable Software and Affected Versions FRRouting versions prior to 10.5.3 Description An integer overflow exists in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16 t accumulator variable truncates uint32 t values returned by the TLV SIZE macro, whi...

7.5CVSS5.9AI score0.00371EPSS
Exploits0References40
Github Security Blog
Github Security Blog
added 2026/04/17 10:16 p.m.27 views

OpenClaw: busybox and toybox applet execution weakened exec approval binding

Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...

8.8CVSS5.9AI score0.00356EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/17 10:16 p.m.2 views

GHSA-2CQ5-MF3V-MX44 OpenClaw: busybox and toybox applet execution weakened exec approval binding

Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...

8.8CVSS5.9AI score0.00356EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 2:2 p.m.8 views

Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/27 9:22 p.m.10 views

ZITADEL's truncated opaque tokens are still valid

Summary Opaque OIDC access tokens in v2 format, truncated to 80 characters are still considered valid. ZITADEL uses a symmetric AES encryption for opaque tokens. The cleartext payload is a concatenation of a couple of identifiers, such as a token ID and user ID. Internally Zitadel has 2 different...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/02/27 9:22 p.m.7 views

EUVD-2026-8789

ZITADEL's truncated opaque tokens are still valid...

4.3CVSS5.9AI score0.00142EPSS
Exploits0References6
OSV
OSV
added 2026/02/27 9:22 p.m.5 views

GHSA-6MQ3-XMGP-PJM5 ZITADEL's truncated opaque tokens are still valid

Summary Opaque OIDC access tokens in v2 format, truncated to 80 characters are still considered valid. ZITADEL uses a symmetric AES encryption for opaque tokens. The cleartext payload is a concatenation of a couple of identifiers, such as a token ID and user ID. Internally Zitadel has 2 different...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27840

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS5.5AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/02/26 1:16 a.m.15 views

CVE-2026-27840

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS0.00142EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:27 a.m.5 views

CVE-2026-27840

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS5.5AI score0.00142EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/26 12:27 a.m.36 views

CVE-2026-27840 ZITADEL's truncated opaque tokens are still valid

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS0.00142EPSS
Exploits0References3
CVE
CVE
added 2026/02/26 12:27 a.m.27 views

CVE-2026-27840

Technical details for CVE-2026-27840 are not provided in the supplied documents. Monitor for updates and vendor advisories for Zitadel versions and remediation.

4.3CVSS5.5AI score0.00142EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/26 12:27 a.m.10 views

CVE-2026-27840 ZITADEL's truncated opaque tokens are still valid

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS5.6AI score0.00142EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.12 views

PT-2026-22066

Name of the Vulnerable Software and Affected Versions ZITADEL versions 2.31.0 through 3.4.6 ZITADEL versions 2.31.0 through 4.10.9 Description ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in th...

9.9CVSS5.9AI score0.22162EPSS
Exploits70References139
Rows per page
Query Builder