3314 matches found
CVE-2026-45795
The Janssen Project's Jans-auth-server had a JWE request object signature verification bypass prior to version 2.0.0: unsigned JWE were accepted because JwtAuthorizationRequest skipped inner signature validation when jwe.getSignedJWTPayload() was null, and AuthzRequestService.processRequestObject...
DataEase v2.10.2 - JWT Signature Verification Bypass
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...
CVE-2026-48863 Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...
CVE-2026-59955
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...
CVE-2026-59955 Apollo ConfigService access key authentication bypass via raw config file appId parsing
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...
EUVD-2026-44642
PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...
CVE-2026-61436 PraisonAI before 4.6.78 Missing Webhook Signature Verification
PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...
CVE-2026-47304
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-47212
Symfony’s Twilio Notifier Bridge contains a vulnerability in TwilioRequestParser::doParse() where the configured webhook secret is read but the X-Twilio-Signature verification is ignored, allowing unauthenticated POSTs to inject forged Twilio status payloads. Affected releases: Symfony before 6.4...
RLSA-2026:36215 Important: compat-openssl10 security update
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: Heap...
PT-2026-60109
Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...
[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
User Impersonation
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-61428
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...
CVE-2026-61428
PraisonAI AgentMail is affected by CVE-2026-61428 in versions before 4.6.78, where webhook messages lack signature verification. This enables unauthenticated attackers to POST crafted message.received events to the webhook endpoint, injecting arbitrary content into the agent and triggering replie...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verifySignature process due to improper verification of cryptographic signatures when handling the return value of opensslverify. An attacker can gain unauthorized access and perfo...
Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System
Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...
EUVD-2026-42560
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...
CVE-2026-9027
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...
CVE-2026-9027
Summary of the CVE-2026-9027 issue : The CorvusPay WooCommerce Gateway for WordPress (versions up to 2.7.4) is vulnerable to a payment bypass via improper verification of the cryptographic signature. The REST endpoint POST /wp-json/corvuspay/success/ is registered with a permissive permission cal...