
149 matches found

NVD
added 2026/06/24 1:16 p.m., 9 views

CVE-2026-56232

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8 CVSS, 0.00266 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/06/24 11:53 a.m., 5 views

CVE-2026-56232

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8 CVSS, 5.9 AI score, 0.00266 EPSS
Exploits 0, References 3
EUVD
added 2026/06/24 11:53 a.m., 7 views

EUVD-2026-38739

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.8 CVSS, 5.9 AI score, 0.00266 EPSS
Exploits 0, References 2
CVE
added 2026/06/24 11:53 a.m., 7 views

CVE-2026-56232

Capgo is affected: before version 12.128.2, the system does not enforce limited_to_orgs and limited_to_apps on subkeys supplied via the x-limited-key-id header in the middlewareKey function. This allows attackers to reference their own subkeys and bypass subkey scope restrictions, causing downstr...

8.8 CVSS, 5.9 AI score, 0.00266 EPSS
Exploits 0, References 2
NVD
added 2026/06/22 10:16 p.m., 8 views

CVE-2026-56306

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4 CVSS, 0.00251 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/06/22 9:04 p.m., 5 views

CVE-2026-56306

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4 CVSS, 5.9 AI score, 0.00251 EPSS
Exploits 0, References 3
EUVD
added 2026/06/22 9:04 p.m., 7 views

EUVD-2026-38369

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4 CVSS, 5.9 AI score, 0.00251 EPSS
Exploits 0, References 2
Cvelist
added 2026/06/22 9:04 p.m., 18 views

CVE-2026-56306 Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4 CVSS, 0.00251 EPSS
Exploits 0, References 2
CVE
added 2026/06/22 9:04 p.m., 11 views

CVE-2026-56306

Capgo before 12.128.2 contains a parsing vulnerability in the x-limited-key-id header that can bypass subkey enforcement and let attackers make requests under the main API key context instead of restricted subkey permissions. The issue arises from malformed, zero, or duplicate header values produ...

6.4 CVSS, 5.9 AI score, 0.00251 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/06/22 12:00 a.m., 18 views

PT-2026-51407

Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: A weak parsing issue exists in the x-limited-key-id header. Remote attackers can bypass subkey enforcement by submitting duplicate headers, zero, or malformed values that result in falsy values or N...

6.4 CVSS, 5.9 AI score, 0.00251 EPSS
Exploits 0, References 5
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Thunderbird

An attacker may carry out a DoS attack to prevent a user from sending encrypted emails to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self-signature, and the Thunderbird user imports the crafted key, then Thunderbird may attempt to use the inval...

6.5 CVSS, 6.8 AI score, 0.00427 EPSS
Exploits 0, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Thunderbird

If a Thunderbird user has previously imported Alice’s OpenPGP key, and Alice has extended the validity period of her key, but Alice’s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice’s key with an invalid subkey. In this case, Thunderbird...

6.8 CVSS, 6.6 AI score, 0.01035 EPSS
Exploits 1, References 1
OSV
added 2026/05/02 1:16 a.m., 14 views

CLSA-2026-1777545003 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7 CVSS, 6.7 AI score, 0.00302 EPSS
Exploits 0, References 1
OSV
added 2026/04/30 8:56 a.m., 6 views

CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7 CVSS, 6.7 AI score, 0.00302 EPSS
Exploits 0, References 1
OSV
added 2026/04/30 8:51 a.m., 8 views

CLSA-2026-1777539108 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7 CVSS, 5.8 AI score, 0.00302 EPSS
Exploits 0, References 1
OSV
added 2026/04/14 9:31 a.m., 5 views

CLSA-2026-1776159098 Fix CVE(s): CVE-2025-30258

SECURITY UPDATE: signature verification DoS via malicious subkey - debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signature...

4.7 CVSS, 5.8 AI score, 0.00179 EPSS
Exploits 1, References 1
OSV
added 2026/04/02 7:42 p.m., 6 views

CLSA-2026-1775119189 gnupg2: Fix of CVE-2025-30258

CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...

4.7 CVSS, 5.8 AI score, 0.00179 EPSS
Exploits 1, References 1
OSV
added 2026/03/27 11:57 a.m., 12 views

CLSA-2026-1774612633 gnupg2: Fix of CVE-2025-30258

CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...

4.7 CVSS, 5.8 AI score, 0.00179 EPSS
Exploits 1, References 1
Tenable Nessus
added 2026/03/17 12:00 a.m., 8 views

EulerOS Virtualization 2.12.1 : gnupg2 (EulerOS-SA-2026-1427)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an...

7.8 CVSS, 5.9 AI score, 0.00179 EPSS
Exploits 2, References 3
OSV
added 2026/03/03 9:03 p.m., 7 views

CLSA-2026-1772571803 munge: Fix of CVE-2026-25506

CVE-2026-25506: fix buffer overflow in message parsing and add bounds checks and input validation for address length; prevent leak of cryptographic MAC subkey and forging of arbitrary credentials...

7.8 CVSS, 7.6 AI score, 0.00302 EPSS
Exploits 0, References 1