GHSA-25CW-98HG-G3CG Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests

Summary The Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on failure rather than throwing exceptions, but the developer believed i...

CVE-2026-42248

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

CVE-2026-42248

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

CVE-2026-42248 Missing Signature Verification for Updates in Ollama

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

Ollama 安全漏洞

Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Versions of Ollama from 0.12.10 to 0.17.5 have security vulnerabilities. These vulnerabilities stem from the lack of integrity or authenticity verification when...

Wazuh 安全漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.0.0 to 4.14.4 contained security vulnerabilities. These...

PT-2026-36106

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description The SAML Identity Provider implementation fails to properly handle the return value of the validateSignature function. This function returns error strings upon failure instead of throwing exceptions,...

modsecurity3 -- multiple vulnerabilities

ModSecurity is an open source web application firewall engine. According to the upstream changelog, multiple vulnerabilities have been fixed. CVE-2026-42268: unsigned integer underflow in verify operators CVE-2026-30923: buffer overflow in hexdecode...

Foxit PDF Reader和Foxit PDF Editor 输入验证错误漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. There is a vulnerability in input validation between Foxit PDF Editor and Foxit PDF Reader. This vulnerability stems from parsing logic...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014344)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014344 advisory. In the Linux kernel, the following vulnerability has been resolved: gpio: gpio-xilinx: Fix integer overflow Current implementation is not able to configure more than...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Packagekit_Project Packagekit

Pack2TheRoot Lab — CVE-2026-41651 A Dockerised, CTF-style loc...

GHSA-H829-5CG7-6HFF gitverify has improper tag signature verification

gitverify is still a prototype. Impact The bug is related to requireSignedTags which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches Since the initial commit, fixed in...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the requireSignedTags process. An attacker can bypass signature verification by creating an unsigned annotated tag, which would be incorrectly accepted as valid. Remediation A fix was...

gitverify has improper tag signature verification

gitverify is still a prototype. Impact The bug is related to requireSignedTags which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches Since the initial commit, fixed in...

BIT-MINIO-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in 2023.05.18 and prior to 2026.04.11, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing t...

BIT-MINIO-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in 2023.05.18 and prior to 2026.04.11, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write arbitrary objects to any bucket without...

CVE-2026-31590

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVMMEMORYENCRYPTREGREGION Drop the WARN in sevpinmemory on npages overflowing an int, as the WARN is comically trivially to trigger from userspace, e.g. by doing: struct kvmencregion range =...

SUSE CVE-2017-20230

Storable versions before 3.05 for Perl has a stack overflow. The retrievehook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow...

CVE-2026-31491

A flaw was found in the Linux kernel's RDMA/irdma component. A local attacker could exploit an integer overflow and truncation vulnerability when the operating system passes a maximum unsigned 32-bit integer U32MAX for SQ/RQ/SRQ size. This can lead to the system incorrectly reporting a successful...

EUVD-2026-25054

nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation...