Lucene search
+L

1462 matches found

Vulnrichment
Vulnrichment
added 2026/04/03 1:32 a.m.2 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

5.9AI score0.00472EPSS
Exploits1References1
CVE
CVE
added 2026/04/03 1:32 a.m.15 views

CVE-2026-28815

CVE-2026-28815 concerns Swift Crypto’s X-Wing HPKE decapsulation path. The issue arises when an attacker-supplied encapsulatedKey is shorter than the required 1120 bytes; the implementation forwards the data to a C API without runtime length validation, enabling an out-of-bounds read in the decap...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/03 1:32 a.m.18 views

CVE-2026-28815

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

0.00472EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-29972

A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...

5.9AI score0.00472EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Swift Crypto 安全漏洞

Swift Crypto is an open-source cross-platform encryption library developed by Apple. Versions of Swift Crypto prior to 4.3.1 contained a security vulnerability. This vulnerability was caused by remote attackers who could provide short X-Wing HPKE encapsulation keys and trigger out-of-bound reads ...

7.5CVSS5.8AI score0.00472EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/03/26 3:20 p.m.164 views

XNUTest

xnutesting Research & Education Only — Proof-of-concept...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/03/20 8:46 p.m.3 views

Improper Cleanup on Thrown Exception

Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...

6.9CVSS5.8AI score0.00408EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/27 5:10 p.m.224 views

Exploit for CVE-2025-70342

CVE-2025-70342: Credential Interception via Named Pipe in eras...

5.9AI score0.00241EPSS
Exploits2
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

leafkit 安全漏洞

Leafkit is an open-source application developed by Vapor. It uses Swift to create modular server-side software. Versions of Leafkit prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that htmlEscaped only matched extended character clusters, which could...

6.1CVSS5.7AI score0.0023EPSS
Exploits1References2
OSV
OSV
added 2026/02/19 7:40 p.m.4 views

GHSA-4HFH-FCH3-5Q7P Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...

6.1CVSS5.6AI score0.0023EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/01/28 12:0 a.m.5 views

Supply Chain Insecurity: Exposing Vulnerabilities in IOS Dependency Management Systems

Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security risks, leading to supply chain attacks. Despite the widespread...

6.5AI score
Exploits0
Fedora
Fedora
added 2026/01/23 1:16 a.m.9 views

[SECURITY] Fedora 42 Update: rclone-1.72.1-1.fc42

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

7.5CVSS6.9AI score0.00632EPSS
Exploits1
Fedora
Fedora
added 2026/01/22 1:8 a.m.10 views

[SECURITY] Fedora 43 Update: rclone-1.72.1-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

7.5CVSS6.8AI score0.00632EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/01/21 1:5 a.m.15 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References6Affected Software2
Snyk
Snyk
added 2026/01/21 1:5 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview swift-otel/swift-w3c-trace-context is a Micro-library exposing the W3C Trace-Context as a Swift struct Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper input validation. An attacker can cause a crash of the service b...

6.9CVSS5.8AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2026/01/21 1:5 a.m.4 views

GHSA-MVPQ-2V8X-WW6G Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

5.3CVSS5.8AI score0.00392EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/21 12:0 a.m.11 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...

5.3CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/21 12:0 a.m.11 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context...

5.3CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/20 9:22 p.m.5 views

CVE-2026-23886

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

5.3CVSS5.7AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2026/01/19 9:15 p.m.9 views

CVE-2026-23886

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

5.3CVSS0.00392EPSS
Exploits0References4
Rows per page
Query Builder