Lucene search
K

17 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5298 Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() in github.com/google/go-attestation

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList in github.com/google/go-attestation...

5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 5:32 p.m.6 views

Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...

5.5AI score0.00018EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/06/12 3:4 p.m.7 views

GHSA-9R4W-JG96-92MV Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

6.8CVSS5.6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/12 3:4 p.m.11 views

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

5.5AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 11:15 p.m.7 views

axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 11:14 p.m.6 views

axonflow-sdk-python: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.8AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.7 views

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

8.7CVSS5.8AI score0.00182EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:23 a.m.6 views

CVE-2026-1305

The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...

5.3CVSS6AI score0.00407EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.12 views

PT-2026-23561

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The software contains a webhook signature-verification bypass in the voice-call extension. This allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is enabled...

6.5CVSS5.8AI score0.0029EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2021/07/20 10:25 p.m.7 views

rpm: unsigned signature header leads to string injection into an rpm database

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity...

5.5CVSS7.3AI score0.00701EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2021/06/30 12:0 a.m.45 views

rpm security update

4.14.3-14 - Be more careful about copying data from signature header 1958477 - Fixes CVE-2021-20271...

7CVSS1.1AI score0.00827EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/06/29 4:45 p.m.3 views

rpm: unsigned signature header leads to string injection into an rpm database

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity...

5.5CVSS7.3AI score0.00701EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/07 12:0 a.m.12 views

Exim Out-of-Bounds Read Vulnerability

Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from an out-of-bounds read vulnerability that stems from pdkimfinishbodyhash not validating the relationship between sig-bodyhash.len and b-bh.len, which can be...

7.5CVSS6.2AI score0.02712EPSS
Exploits1References1
OSV
OSV
added 2021/03/26 5:15 p.m.2 views

UBUNTU-CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7CVSS7.1AI score0.00827EPSS
Exploits0References4
Veracode
Veracode
added 2021/03/23 5:19 p.m.29 views

Arbitrary Code Execution

rpm is vulnerable to arbitrary code execution. An attacker who successfully convinces a victim to install a verifiable package with malicious signature header is able to cause RPM database corruption and execute code...

7CVSS4.1AI score0.00827EPSS
Exploits0References18Affected Software1
Hacker One
Hacker One
added 2018/12/12 3:31 p.m.38 views

Nextcloud: Remote attacker can impersonate Social users via ActivityPub API

Hi there! First up I want to acknowledge that Social may not be in scope. I emailed [email protected], which pointed me here, and I wasn't sure whether to just put it in a GitHub issue. In any case I hope I'm not wasting your time. When an HTTP request arrives at the shared inbox endpoint...

0.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2018/01/04 6:29 a.m.5 views

CVE-2018-0114

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature JWS standard for JSON Web Tokens JWTs...

7.5CVSS5.8AI score0.42651EPSS
Exploits6References6
Rows per page
Query Builder