CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 5 days ago•9 views

kas's late signature validation may allow unnoticed repository manipulations

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

5.8AI score

Exploits0References5Affected Software1

Positive Technologies•added 5 days ago•7 views

PT-2026-46879

2.1CVSS5.8AI score

Exploits0References6

RedhatCVE•added 2026/05/29 8:13 p.m.•10 views

CVE-2026-9037

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00041EPSS

OSV•added 2026/05/29 5:12 a.m.•9 views

MGASA-2026-0163 Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

9.8CVSS5.8AI score0.00143EPSS

NVD•added 2026/05/28 8:16 p.m.•8 views

CVE-2026-9037

9.3CVSS0.00041EPSS

EUVD•added 2026/05/28 4:29 p.m.•6 views

EUVD-2026-32951

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

5.7AI score0.00054EPSS

RedhatCVE•added 2026/05/21 12:21 p.m.•8 views

CVE-2026-5947

A flaw was found in BIND. A remote attacker could exploit a race condition during SIG0 signature validation of an incoming DNS message. If the "recursive-clients" limit is reached and the message is discarded, a use-after-free vulnerability may occur. This could lead to undefined behavior and...

7.5CVSS5.7AI score0.00044EPSS

OSV•added 2026/05/20 1:16 p.m.•1 views

ALPINE-CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

5.9CVSS5.8AI score0.00044EPSS

NVD•added 2026/05/20 1:16 p.m.•9 views

CVE-2026-5947

7.5CVSS0.00044EPSS

CVE•added 2026/05/20 1:10 p.m.•21 views

CVE-2026-5947

CVE-2026-5947 describes an undefined behavior due to a race condition in SIG(0) validation during DNS message processing under load. Affected are BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1; versions 9.18.28–9.18.49 and 9.18.28-S1–9.18.49-S1 are not affected. Under a query flood...

7.5CVSS5.8AI score0.00044EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/20 1:10 p.m.•7 views

EUVD-2026-31110

7.5CVSS5.8AI score0.00044EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в node-elliptic

The verify function in lib/elliptic/eddsa/index.js within the Elliptic package, as of version 6.5.6 for Node.js, omits the validation of the condition “sig.S.gtesig.eddsa.curve.n || sig.S.isNeg”...

9.1CVSS6.3AI score0.00292EPSS

OSV•added 2026/05/20 12:0 a.m.•8 views

UBUNTU-CVE-2026-5947

7.5CVSS5.8AI score0.00044EPSS

Exploits0References4

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-42039

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.33.3 Coder versions prior to 2.32.2 Coder versions prior to 2.31.12 Coder versions prior to 2.30.8 Coder versions prior to 2.29.13 Coder versions prior to 2.24.5 Description The azureidentity.Validate function verifie...

9.1CVSS6AI score

Exploits0References13

EUVD•added 2026/05/11 5:58 p.m.•1 views

EUVD-2026-11304

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation...

9.1CVSS5.8AI score0.0003EPSS

Snyk•added 2026/05/11 2:48 p.m.•6 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...

7.5CVSS5.8AI score0.00006EPSS

CVE•added 2026/05/07 3:0 a.m.•4 views

CVE-2026-41669

Admidio prior to version 5.0.9 suffers a SAML signature validation bypass: validateSignature() can return an error message or false, but its return value is discarded by both handleSSORequest() and handleSLORequest(), so unsigned or invalidly signed AuthnRequests/LogoutRequests are processed like...

8.2CVSS5.7AI score0.00009EPSS

Vulnrichment•added 2026/05/07 3:0 a.m.•4 views

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

8.2CVSS5.7AI score0.00009EPSS