Lucene search

68 matches found

Positive Technologies
added 2026/06/01 12:0 a.m. | 15 views

PT-2026-45553

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launc...

CVSS 7.5 | AI score 5.6 | EPSS 0.00496
Exploits: 0 | References: 6
EUVD
added 2026/05/15 4:17 p.m. | 6 views

EUVD-2026-30564

Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs[0] after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

CVSS 5.4 | AI score 5.9 | EPSS 0.00111
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/13 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-8463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of...

CVSS 5.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 3
EUVD
added 2026/05/06 3:32 p.m. | 4 views

EUVD-2026-27832

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVSS 6.3 | AI score 5.2 | EPSS 0.00401
Exploits: 1 | References: 5
NVD
added 2026/05/06 3:16 p.m. | 8 views

CVE-2026-8028

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVSS 6.3 | EPSS 0.00401
Exploits: 1 | References: 4
CVE
added 2026/05/06 2:15 p.m. | 15 views

CVE-2026-8028

FlowiseAI Flowise Endpoint vulnerability CVE-2026-8028 affects the verify function in packages/server/src/enterprise/services/account.service.ts (Endpoint component). A manipulation can cause information disclosure with remote exploitation possible. The exploit complexity is high, and current rep...

CVSS 6.3 | AI score 5.2 | EPSS 0.00401
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2026/05/06 12:0 a.m. | 5 views

Flowise Information Disclosure Vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise 3.0.12 and earlier contained a vulnerability related to information leakage, caused by a problem with the verify function in the Endpoint component, which could lead to...

CVSS 6.3 | AI score 5.8 | EPSS 0.00401
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/06 12:0 a.m. | 7 views

PT-2026-37641

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVSS 6.3 | AI score 5.2 | EPSS 0.00401
Exploits: 1 | References: 5
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Node-Elliptic

The verify function in lib/elliptic/eddsa/index.js within the Elliptic package, as of version 6.5.6 for Node.js, omits the validation of the condition "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()"...

CVSS 9.1 | AI score 6.8 | EPSS 0.00507
Exploits: 0 | References: 2
Microsoft CVE
added 2026/04/26 8:4 a.m. | 9 views

staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

...

CVSS 7.1 | AI score 5.8 | EPSS 0.00288
Exploits: 0
CVE
added 2026/04/24 2:42 p.m. | 24 views

CVE-2026-31626

CVE-2026-31626 affects the Linux kernel’s rtl8723bs staging driver, specifically the rtw_BIP_verify() function. A u64 variable (le_tmp64) was not fully initialized, which Smatch warned could leave the last two bytes uninitialized (only 6 of 8 bytes copied). The issue is resolved by initializing l...

CVSS 7.1 | AI score 5.4 | EPSS 0.00288
Exploits: 0 | References: 9 | Affected Software: 1
Snyk
added 2026/01/20 8:45 p.m. | 4 views

Buffer Over-read

Overview: @trustwallet/wallet-core is a mobile-focused library implementing low-level cryptographic wallet functionality for a high number of blockchains. Affected versions of this package are vulnerable to Buffer Over-read via the verify function. An attacker can cause the application to crash or...

CVSS 8.7 | AI score 5.6 | EPSS 0.00348
Exploits: 1 | References: 2
Snyk
added 2026/01/20 8:45 p.m. | 4 views

Buffer Over-read

Overview: trustwallet/wallet-core is a mobile-focused library implementing low-level cryptographic wallet functionality for a high number of blockchains. Affected versions of this package are vulnerable to Buffer Over-read via the verify function. An attacker can cause the application to crash or...

CVSS 8.7 | AI score 5.6 | EPSS 0.00348
Exploits: 1 | References: 2
Snyk
added 2026/01/09 7:39 p.m. | 4 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: beatt83/jose-swift is a comprehensive support for the JOSE suite of standards, including JWA (JSON Web Algorithms), JWK (JSON Web Key), JWE (JSON Web Encryption), JWS (JSON Web Signature), and JWT (JSON Web Token). Affected versions of this package are vulnerable to Use of a Broken or Risky...

CVSS 9.3 | AI score 7.1
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 12:35 p.m. | 5 views

CVE-2023-45292

When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct...

CVSS 5.3 | AI score 6.9 | EPSS 0.00297
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2007-2578

Malware in sbrugna...

CVSS 9.3 | AI score 6.4 | EPSS 0.06541
Exploits: 0 | References: 8
RedhatCVE
added 2025/08/24 8:11 p.m. | 6 views

CVE-2025-57801

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...

CVSS 9.1 | AI score 7 | EPSS 0.00198
Exploits: 1 | References: 1
Github Security Blog
added 2025/08/22 8:58 p.m. | 10 views

gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

In version before, sig.s used without asserting 0 ≤ S < order in Verify function in eddsa.go and ecdsa.go, which will lead to signature malleability vulnerability. Impact: Since gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same publi...

CVSS 9.1 | AI score 5.4 | EPSS 0.00198
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/08/22 7:54 p.m. | 3 views

CVE-2025-57801 gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...

CVSS 8.6 | AI score 6.9 | EPSS 0.00198
Exploits: 1 | References: 2
NVD
added 2025/07/01 3:15 a.m. | 5 views

CVE-2024-49365

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can b...

CVSS 9.1 | EPSS 0.00215
Exploits: 0 | References: 2