Lucene search
K

13921 matches found

EUVD
EUVD
added 2 hours ago6 views

EUVD-2026-42206

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS6AI score
Exploits0References2
CVE
CVE
added 4 hours ago6 views

CVE-2026-57246

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 hours ago2 views

CVE-2026-57246

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS6AI score
Exploits0References2Affected Software2
Nuclei
Nuclei
added 6 hours ago51 views

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...

9.3CVSS5.9AI score0.01223EPSS
Exploits1References1
Nuclei
Nuclei
added 6 hours ago156 views

MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS7.2AI score0.02421EPSS
Exploits0References2
Nuclei
Nuclei
added 6 hours ago76 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.7AI score0.0203EPSS
Exploits0References5
CVE
CVE
added yesterday30 views

CVE-2026-46354

Summary: A PKCS#7 signature bypass in Coder (Coder v2 before patches) allows unauthenticated token theft via Azure instance identity. The issue stems from azureidentity.Validate() validating only the signer certificate chain, not the signature itself, enabling forged PKCS#7 envelopes containing a...

9.1CVSS6.1AI score0.0003EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS5.9AI score
Exploits0References3Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-11348

The CVE-2026-11348 vulnerability affects HAVELSAN Liman MYS (before release.Master.1107) and is caused by improper verification of a cryptographic signature. The entry indicates a remote attack vector (Network) with high impact across confidentiality, integrity, and availability (CVSS v3.1: 8.1, ...

8.1CVSS5.9AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42034

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-11348 Authentication Bypass in HAVELSAN's Open Source Project Liman MYS

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday3 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.3AI score0.00353EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-44362

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...

5.5CVSS6AI score0.0013EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00251EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2 days ago4 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-11855

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...

8.8CVSS0.00301EPSS
Exploits0References1
OSV
OSV
added 2 days ago3 views

BIT-MASTODON-2026-48028 Mastodon: Removal of integrity-protected JSON entries from signed activities

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5CVSS6AI score0.00124EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2 days ago4 views

golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...

9.1CVSS6AI score0.00469EPSS
Exploits0References8
OSV
OSV
added 3 days ago3 views

DEBIAN-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References1
Rows per page
Query Builder