Lucene search
K

6 matches found

CVE
CVE
added 2026/06/25 4:51 p.m.18 views

CVE-2026-55961

The CVE describes a flaw in wolfSSL where wolfSSL_PKCS7_verify() incorrectly reported success for a degenerate PKCS#7 object that contains no signer. In such objects, signerInfos is empty, so underlying signed-data verification could succeed without authenticating any content. The fix enforces th...

8.2CVSS5.8AI score0.00095EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions Relyra versions 1.0.0 through 1.1.0 Description Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References9
CNVD
CNVD
added 2026/04/10 12:0 a.m.4 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17184)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to write bytes under the attacker's control outside of the expected verification path before the final protected replacement step is...

7.5CVSS5.7AI score0.0008EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to write bytes under the attacker's control outside of the expected verification path before the final protected replacement step is...

7.5CVSS5.8AI score0.0008EPSS
Exploits0References2
CloudLinux
CloudLinux
added 2025/06/28 6:23 p.m.8 views

rsync: Fix of CVE-2024-12088

CVE-2024-12088: fix improper verification of symbolic link destinations to prevent path traversal vulnerability...

7.5CVSS7.6AI score0.04575EPSS
Exploits0
Mageia
Mageia
added 2025/06/25 5:31 a.m.11 views

Updated yarnpkg packages fix security vulnerabilities

CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file And other vulnerabilities in...

9.8CVSS7.5AI score0.03346EPSS
Exploits7References3
Rows per page
Query Builder