Lucene search
+L

60 matches found

AlpineLinux
AlpineLinux
added 2026/03/06 9:28 p.m.2 views

CVE-2026-27137

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

7.5CVSS5.8AI score0.00606EPSS
Exploits0
OSV
OSV
added 2026/02/19 9:25 p.m.6 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5CVSS5.7AI score0.00162EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/01/28 10:8 a.m.4 views

openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies...

7.5CVSS5.8AI score0.00768EPSS
Exploits1References4
NVD
NVD
added 2026/01/28 1:16 a.m.10 views

CVE-2026-24850

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3CVSS0.00299EPSS
Exploits0References11
EUVD
EUVD
added 2026/01/28 12:24 a.m.6 views

EUVD-2026-4910

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.14 views

PT-2026-5048

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3CVSS5.9AI score0.00299EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : nettle-2.7.1-9.el7 (AXSA:2021-1651:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1651:01 advisory. nettle: Out of bounds memory access in signature verification CVE-2021-20305 Tenable has extracted the preceding description block directly from the...

8.1CVSS6.8AI score0.01607EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/10 7:16 a.m.8 views

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS5.9AI score0.00077EPSS
Exploits1References4
OSV
OSV
added 2025/12/04 10:23 p.m.7 views

CVE-2025-66559 Taiko Alethia Pacaya inbox verification pointer corruption

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

9.3CVSS6.5AI score0.00273EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-13086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a...

8.2CVSS7.8AI score0.00621EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/12 10:26 a.m.13 views

CVE-2025-40167 ext4: detect invalid INLINE_DATA + EXTENTS flag combination

In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination syzbot reported a BUGON in ext4escacheextent when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an...

0.00193EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/11/06 5:10 p.m.10 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

5.3CVSS0.00282EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/14 12:0 a.m.5 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the exsltFuncResultComp function during the verification of EXSLT . An attacker can cause application crashes or instability by submitting a specially crafted XSL stylesheet...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-53846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design...

5.5CVSS5.5AI score0.00251EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-19271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries install...

7.5CVSS6.7AI score0.01122EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the...

5.6CVSS6.1AI score0.00117EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:54 p.m.7 views

BIT-LIBPHP-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

6.5CVSS6.7AI score0.0148EPSS
Exploits1References7
OSV
OSV
added 2025/05/27 5:15 p.m.9 views

UBUNTU-CVE-2025-48057

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...

9.8CVSS7.2AI score0.00429EPSS
Exploits0References8
Amazon
Amazon
added 2025/04/30 12:0 a.m.8 views

Medium: python3-requests

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

5.6CVSS6.9AI score0.0034EPSS
Exploits0
CVE
CVE
added 2025/02/14 4:38 p.m.301 views

CVE-2025-25204

The CVE-2025-25204 issue affects GitHub CLI (gh) where, in versions 2.49.0 through 2.66.x, a bug in the Artifact Attestation tool gh attestation verify causes a zero exit status when no attestations are present. This incorrect exit code can enable attackers to deploy malicious artifacts in enviro...

6.3CVSS7AI score0.00392EPSS
Exploits0References3
Rows per page
Query Builder