Lucene search
K

326 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-55879

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated...

9.3CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-31983

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...

6.9CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-31983

CVE-2026-31983 describes a missing authentication vulnerability in the SSH keys synchronization endpoint. An unauthenticated attacker can query the SSH keys sync endpoint and obtain the list of users who uploaded public SSH keys, their groups, and the uploaded keys. Reported impacts include expos...

6.9CVSS6AI score0.00235EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-31983

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...

6.9CVSS6AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42533

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...

6.9CVSS6AI score0.00235EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.4 views

Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...

6.9CVSS6AI score0.00235EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 2026/07/06 5:18 a.m.6 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS6.4AI score0.00415EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 2:2 a.m.11 views

Malicious code in anthropic-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90ec82c6478e3a82eac71597b1c1fffc17d1b138e11e1a2aeadec7c00344c65e [email protected] is a typosquat against the @anthropic-ai/sdk ecosystem. The package ships no library code — its declared main dist/index.js i...

6.1AI score
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-55960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative...

8.2CVSS6AI score0.00145EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:51 a.m.9 views

Malicious code in ollama-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52323ef2a3908b7db1565ae149128d053363ab2612c7bc3a938c3f2d63c285cf scripts/postinstall.js executes automatically on npm install and performs a bulk harvest of installer-side identity and configuration data: OS hostna...

5.9AI score
Exploits0References24
OSV
OSV
added 2026/06/13 6:51 a.m.12 views

MAL-2026-5731 Malicious code in houzidawang807 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7568d90e7a8d940b5618fa36bccfc2b7fa02ceaa814f0a416d2cc989c685e489 Package advertises itself as 'a simple date formatting utility' but ships an SSH-key-stealing C2 client. postinstall.js enumerates /.ssh for .pub...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 4:37 a.m.12 views

Malicious code in houzidawang806 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbf603db6d0a3434c6c417dd460f26d08b9e230c03926f05987bb3841d3c72b Package self-describes as 'A simple date formatting utility' but ships two distinct attacker primitives. 1 postinstall.js enumerates /.ssh/ for .pub...

5.4AI score
Exploits0References23
RedhatCVE
RedhatCVE
added 2026/06/03 7:32 p.m.11 views

CVE-2026-45614

A flaw was found in OP-TEE Trusted Execution Environment. This vulnerability allows a local attacker to reconstruct the private key by providing approximately 30-40 specially crafted public keys during the Elliptic Curve Diffie-Hellman ECDH shared secret generation. The system fails to verify if...

4.7CVSS5.7AI score0.00096EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/03 5:53 p.m.11 views

CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1
CVE
CVE
added 2026/06/03 5:53 p.m.25 views

CVE-2026-45614

OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/03 5:53 p.m.15 views

EUVD-2026-34159

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42670

Name of the Vulnerable Software and Affected Versions Nimiq versions prior to 1.4.0 Description A denial-of-service issue exists in the Ed25519 multisig delinearization code path. The function Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs uses .unwrap during curve point decompression,...

4.3CVSS5.6AI score0.00231EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Golang-1.19

Extremely large RSA keys in certificate chains can cause clients and servers to spend significant CPU time verifying signatures. With this fix, the size of RSA keys transmitted during handshake operations is limited to 8192 bits or less. Based on a survey of publicly trusted RSA keys, there are...

5.3CVSS6.7AI score0.01328EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 5:36 p.m.37 views

CVE-2026-42859 Neat VNC: Buffer overflow due to oversized RSA public keys

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS0.0055EPSS
Exploits0References2
Rows per page
Query Builder