60 matches found
CVE-2026-27137
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...
CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...
openssl: OpenSSL: Denial of Service via malformed TimeStamp Response
A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies...
CVE-2026-24850
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
EUVD-2026-4910
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
PT-2026-5048
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
MiracleLinux 7 : nettle-2.7.1-9.el7 (AXSA:2021-1651:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1651:01 advisory. nettle: Out of bounds memory access in signature verification CVE-2021-20305 Tenable has extracted the preceding description block directly from the...
CVE-2026-22703
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...
CVE-2025-66559 Taiko Alethia Pacaya inbox verification pointer corruption
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...
Linux Distros Unpatched Vulnerability : CVE-2025-13086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a...
CVE-2025-40167 ext4: detect invalid INLINE_DATA + EXTENTS flag combination
In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination syzbot reported a BUGON in ext4escacheextent when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an...
CVE-2025-12815
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the exsltFuncResultComp function during the verification of EXSLT . An attacker can cause application crashes or instability by submitting a specially crafted XSL stylesheet...
Linux Distros Unpatched Vulnerability : CVE-2024-53846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design...
Linux Distros Unpatched Vulnerability : CVE-2019-19271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries install...
Linux Distros Unpatched Vulnerability : CVE-2025-27498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the...
BIT-LIBPHP-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL
In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...
UBUNTU-CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
Medium: python3-requests
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
CVE-2025-25204
The CVE-2025-25204 issue affects GitHub CLI (gh) where, in versions 2.49.0 through 2.66.x, a bug in the Artifact Attestation tool gh attestation verify causes a zero exit status when no attestations are present. This incorrect exit code can enable attackers to deploy malicious artifacts in enviro...