CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/08 3:16 p.m.•4 views

CVE-2026-41584

9.2CVSS0.00055EPSS

Cvelist•added 2026/05/08 3:5 p.m.•23 views

CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification

9.2CVSS0.00055EPSS

ATTACKERKB•added 2026/05/08 3:5 p.m.•3 views

CVE-2026-41584

Exploits0References2Affected Software1

EUVD•added 2026/05/08 3:5 p.m.•4 views

EUVD-2026-28654

Vulnrichment•added 2026/05/08 3:5 p.m.•5 views

CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification

CVE•added 2026/05/08 3:5 p.m.•7 views

CVE-2026-41584

ZEBRA (the Zebra node implementation for Zcash) is affected by CVE-2026-41584 due to the rk field in Orchard transactions. Prior to zebrad 4.3.1 and zebra-chain 6.0.2, an identity value for rk (the randomized validating key and elliptic-curve point) could trigger a panic in the orchard crate used...

Exploits0References1Affected Software2

CNNVD•added 2026/05/08 12:0 a.m.•6 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.3.1 contained a security vulnerability. This vulnerability occurred when the rk field in Orchard transactions was set to an identity value, causing the Orchard crate to crash and...

9.2CVSS5.8AI score0.00055EPSS

OSV•added 2026/04/18 1:14 a.m.•0 views

GHSA-452V-W3GX-72WG Zebra has rk Identity Point Panic in Transaction Verification

rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...

Github Security Blog•added 2026/04/18 1:14 a.m.•7 views

Exploits0References3

Zebra has rk Identity Point Panic in Transaction Verification

Exploits0References3Affected Software2

Positive Technologies•added 2026/04/18 12:0 a.m.•11 views

PT-2026-37130

9.2CVSS5.8AI score0.00055EPSS

Exploits0References4

OSV•added 2026/01/30 5:16 p.m.•2 views

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

6.4CVSS6AI score

NVD•added 2026/01/30 5:16 p.m.•3 views

CVE-2020-37019

6.4CVSS0.00131EPSS

ATTACKERKB•added 2026/01/30 4:16 p.m.•2 views

CVE-2020-37019

Exploits0References5Affected Software1

Vulnrichment•added 2026/01/30 4:16 p.m.•1 views

CVE-2020-37019 Orchard Core RC1 - Persistent Cross-Site Scripting

EUVD•added 2026/01/30 4:16 p.m.•1 views

EUVD-2020-30959

CVE•added 2026/01/30 4:16 p.m.•5 views

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting (XSS) vulnerability that lets an attacker inject malicious JavaScript via blog posts. The flaw is triggered when embedded JavaScript is placed in the MarkdownBodyPart.Source parameter during blog-post creation, allowing code execution in...

Cvelist•added 2026/01/30 4:16 p.m.•23 views

CVE-2020-37019 Orchard Core RC1 - Persistent Cross-Site Scripting

6.4CVSS0.00131EPSS

Positive Technologies•added 2026/01/30 12:0 a.m.•2 views

PT-2026-5416

CNNVD•added 2026/01/30 12:0 a.m.•1 views

Exploits0References6

Orchard Core cross-site scripting vulnerabilities

Orchard Core is an open-source modularized and multi-tenant application framework built using Asp.Net Core by the US-based Orchard Core company. It also includes a content management system Cms built on top of this framework. The Orchard Core RC1 version contained a cross-site scripting...

6.4CVSS5.7AI score0.00131EPSS