Lucene search
+L

3313 matches found

nuclei
nuclei
added 9 hours ago83 views

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...

9.3CVSS6.1AI score0.01223EPSS
Exploits1References1
cvelist
cvelist
added 18 hours ago11 views

CVE-2026-48863 Libsolv: stack-based buffer overflow in libsolv eddsa pgp signature verification allows denial of service

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

7.5CVSS
Exploits0References3
nvd
nvd
added yesterday4 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
cvelist
cvelist
added yesterday27 views

CVE-2026-59955 Apollo ConfigService access key authentication bypass via raw config file appId parsing

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
cvelist
cvelist
added yesterday23 views

CVE-2026-61436 PraisonAI before 4.6.78 Missing Webhook Signature Verification

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS
Exploits0References4
euvd
euvd
added yesterday7 views

EUVD-2026-44642

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS6.2AI score
Exploits0References4
nvd
nvd
added 2 days ago4 views

CVE-2026-47304

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.1CVSS0.00201EPSS
Exploits0References1
cve
cve
added 2 days ago25 views

CVE-2026-47212

Symfony’s Twilio Notifier Bridge contains a vulnerability in TwilioRequestParser::doParse() where the configured webhook secret is read but the X-Twilio-Signature verification is ignored, allowing unauthenticated POSTs to inject forged Twilio status payloads. Affected releases: Symfony before 6.4...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References5Affected Software1
osv
osv
added 3 days ago7 views

RLSA-2026:36215 Important: compat-openssl10 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: Heap...

8.1CVSS7AI score0.02719EPSS
Exploits0References2
ptsecurity
ptsecurity
added 3 days ago4 views

PT-2026-60109

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS6.1AI score
Exploits0References6
fedora
fedora
added 4 days ago7 views

[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
snyk
snyk
added 5 days ago5 views

User Impersonation

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
nvd
nvd
added 5 days ago10 views

CVE-2026-61428

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS0.00246EPSS
Exploits0References2
cve
cve
added 5 days ago21 views

CVE-2026-61428

PraisonAI AgentMail is affected by CVE-2026-61428 in versions before 4.6.78, where webhook messages lack signature verification. This enables unauthenticated attackers to POST crafted message.received events to the webhook endpoint, injecting arbitrary content into the agent and triggering replie...

7.3CVSS6.2AI score0.00246EPSS
Exploits0References2
snyk
snyk
added last week4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verifySignature process due to improper verification of cryptographic signatures when handling the return value of opensslverify. An attacker can gain unauthorized access and perfo...

8.8CVSS6.1AI score0.00022EPSS
Exploits0References2
ibm
ibm
added last week4 views

Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System

Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...

9.1CVSS6.7AI score0.00533EPSS
Exploits0Affected Software2
euvd
euvd
added 2026/07/09 9:31 a.m.9 views

EUVD-2026-42560

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS6.2AI score0.00222EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/07/09 9:31 a.m.6 views

CVE-2026-9027

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...

5.3CVSS6.2AI score0.00222EPSS
Exploits0References9
cve
cve
added 2026/07/09 9:31 a.m.10 views

CVE-2026-9027

Summary of the CVE-2026-9027 issue : The CorvusPay WooCommerce Gateway for WordPress (versions up to 2.7.4) is vulnerable to a payment bypass via improper verification of the cryptographic signature. The REST endpoint POST /wp-json/corvuspay/success/ is registered with a permissive permission cal...

5.3CVSS6.2AI score0.00222EPSS
Exploits0References8
redhat
redhat
added 2026/07/09 7:38 a.m.7 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS7AI score0.00415EPSS
Exploits0References9
Rows per page
Query Builder