1215 matches found
CVE-2026-54780
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...
CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...
CVE-2026-54780
CoreWCF WS-Security 1.0 receive pipeline does not validate ds:Reference DigestMethod while validating ds:SignedInfo SignatureMethod, allowing a rejection of digest algorithms (e.g., SHA-1) to be bypassed in affected versions. Affected components include CoreWCF and CoreWCF.Primitives; fixed in Co...
Malicious code in @luminarycloudinternal/frodo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...
Linux Distros Unpatched Vulnerability : CVE-2026-40257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...
EUVD-2026-41891
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...
CVE-2026-40257
CVE-2026-40257 affects OP-TEE (Trusted Execution Environment) for Cortex-A with TrustZone. From versions 3.21.0 up to, but not including, 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow, corrupting all TEE kernel me...
CVE-2026-40257
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...
CVE-2026-40257 OP-TEE has SHA-3 accelerated finalize heap overflow
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...
AlmaLinux 9 : postgresql-jdbc (ALSA-2026:22304)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22304 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding descripti...
Linux Distros Unpatched Vulnerability : CVE-2026-6412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. CVE-2026-6412 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2026-53266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is...
CVE-2026-55069
Kestra OSS (BasicAuth) stores administrator password with SHA-512; if an attacker gains read access to PostgreSQL, offline brute-force can recover the password. In Kubernetes, cracked credentials may enable reading ServiceAccount Tokens and all K8s Secrets, enabling vertical privilege escalation....
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
DEBIAN-CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Technical details about CVE-2026-6412 are not publicly available in the provided documents. Monitor for updates from the cited sources (WolfSSL, NVD, Debian tracker, CVE List, OSV, EUVD, etc.).
CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
CVE-2026-6412
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...