Lucene search
K

582 matches found

OSV
OSV
added 6 days ago4 views

DEBIAN-CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.5AI score0.00367EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.3AI score0.00367EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:16 p.m.6 views

CVE-2026-41896

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manualwebhooksecretgithub field, which is used by Coolify's webhook endpoints to validate incoming requests, is nullable with no default —...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53739

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description An issue exists where the manual webhook secret github field, used by webhook endpoints to validate incoming requests, is nullable and lacks a default value. For newly created applications,...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 9:5 p.m.11 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56244

CVE-2026-56244 (Capgo) affects Capgo prior to 12.128.2. The issue arises because non-admin API keys can read webhook signing secrets via Supabase REST due to insufficient row-level security on the webhooks table. This enables attackers to retrieve the webhook secret and forge valid X-Capgo-Signat...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:32 p.m.7 views

Covert Channel

Overview Affected versions of this package are vulnerable to Covert Channel information exposure from CMSdecrypt and PKCS7decrypt. An attacker who can supply CMS or S/MIME messages and observe the application's error code and/or decryption output can use the victim's process as an adaptive chosen...

6.3CVSS5.7AI score0.0035EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.12 views

node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

A flaw was found in Forge also called node-forge, a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...

7.5CVSS5.4AI score0.00339EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.17 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.9CVSS7.1AI score0.02907EPSS
Exploits10References19
NVD
NVD
added 2026/06/05 8:17 p.m.17 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS0.00478EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 12:4 p.m.7 views

Security Bulletin: Due to use of node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS).

Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896. Vulnerability Details CVEID:CVE-2026-33891 DESCRIPTION: Forge also called node-forge is a native implementation of Transport Layer Security in JavaScrip...

9.1CVSS5.7AI score0.00596EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

ExAws.SNS 安全漏洞

ExAws.SNS is an open-source AWS SNS message push service module developed by ex-aws. Versions of ExAws.SNS from 2.0.1 to 2.3.5 contained security vulnerabilities. These vulnerabilities were caused by improper certificate verification, which could lead to signature forgery...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44170

Name of the Vulnerable Software and Affected Versions mailomat-mailer affected versions not specified Description A Signature Algorithm Downgrade flaw exists in the mailomat-mailer component. This issue allows an attacker to perform complete Signature Forgery, which is the act of creating a...

5.1AI score0.00018EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in gnupg2

GnuPG versions up to 2.3.6 allow for signature forgery in unusual situations where an attacker possesses secret-key information from a victim’s keyring, and other constraints such as the use of GPGME are met. This can be achieved by injecting malicious data into the command line’s status line...

6.5CVSS6.8AI score0.02551EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in poppler, poppler-22

NSSCryptoSignBackend.cc in Poppler before version 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, which can lead to potential signature forgeries...

4.3CVSS6.3AI score0.00092EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual indicators that confirm that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed...

7.5CVSS7.5AI score0.00709EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in node-browserify-sign

“browserify-sign” is a package that duplicates the functionality of Node’s crypto public key functions. Much of this functionality is based on Fedor Indutny’s work on “indutny/tls.js”. There is a issue with upper-bound checks in the “dsaVerify” function, which allows attackers to create signature...

7.5CVSS6.6AI score0.00508EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:55 p.m.13 views

CVE-2023-7345

Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...

6.9CVSS5.8AI score0.00263EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 8:17 p.m.12 views

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...

8.5CVSS0.00439EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 7:35 p.m.17 views

CVE-2026-8596

CVE-2026-8596: The ModelBuilder/Serve path in the Amazon SageMaker Python SDK stores the HMAC signing key in cleartext. A remote, authenticated actor with SageMaker describe API permissions and S3 write access to the model artifact path could extract the key from API responses and forge integrity...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References4
Rows per page
Query Builder