76 matches found

SUSE CVE
added 2026/06/02 1:37 a.m., 16 views

SUSE CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00305
Exploits: 0, References: 3
NVD
added 2026/05/29 7:16 p.m., 24 views

CVE-2026-44518

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

CVSS: 5.3, EPSS: 0.00305
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/29 6:8 p.m., 10 views

CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00305
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/05/29 6:8 p.m., 14 views

EUVD-2026-33413

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00305
Exploits: 0, References: 2
Cvelist
added 2026/05/29 6:7 p.m., 33 views

CVE-2026-44518 liboqs: XMSS Buffer Overread Bug

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

CVSS: 5.3, EPSS: 0.00305
Exploits: 0, References: 2
EUVD
added 2026/05/29 6:7 p.m., 14 views

EUVD-2026-33412

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00305
Exploits: 0, References: 2
Vulnrichment
added 2026/05/29 6:7 p.m., 12 views

CVE-2026-44518 liboqs: XMSS Buffer Overread Bug

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00305
Exploits: 0, References: 2
CVE
added 2026/05/29 6:7 p.m., 34 views

CVE-2026-44518

liboqs (C library for post-quantum crypto) exposes a buffer overread in XMSS/XMSS^MT stateful signature verification prior to 0.16.0. If verify is called with a signature shorter than the parameter’s sig_bytes, length isn't validated and the code reads past the end of the signature buffer. The ex...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00305
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/05/29 12:0 a.m., 11 views

PT-2026-44940

Name of the Vulnerable Software and Affected Versions: liboqs versions prior to 0.16.0. Description: An out-of-bounds read exists in the XMSS and XMSS^MT stateful signature verification code. This occurs when the verification function is called with a signature buffer sized for the declared algorith...

CVSS: 5.3, AI score: 5.6, EPSS: 0.00305
Exploits: 0, References: 5
SUSE CVE
added 2026/05/18 1:21 p.m., 10 views

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore signing tool for Git commits that uses your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00119
Exploits: 0, References: 3
Snyk
added 2026/05/15 5:29 p.m., 6 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify process. An attacker can cause trust confusion by submitting a commit object with duplicate tree headers, resulting in different interpretations between git-core and go-git,...

CVSS: 6, AI score: 5.8, EPSS: 0.00119
Exploits: 0, References: 2
NVD
added 2026/05/15 5:16 p.m., 14 views

CVE-2026-44309

Gitsign is a keyless Sigstore signing tool for Git commits that uses your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

CVSS: 5.3, EPSS: 0.00119
Exploits: 0, References: 1
CVE
added 2026/04/29 5:37 p.m., 15 views

CVE-2026-26015

DocsGPT (0.15.0–0.15.x) contains a remote code execution flaw via the Model Context Protocol (MCP) STDIO interface. An attacker can craft a payload through the DocsGPT website or any deployment that bypasses the MCP test, enabling arbitrary OS command execution. The issue is patchable by upgradin...

CVSS: 10, AI score: 6.7, EPSS: 0.01168
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/04/29 5:37 p.m., 6 views

EUVD-2026-26258

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local and public deployment can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...

CVSS: 10, AI score: 6.7, EPSS: 0.01168
Exploits: 1, References: 2
CNNVD
added 2026/04/29 12:0 a.m., 8 views

DocsGPT Command Injection Vulnerability

DocsGPT is a cutting-edge open-source solution developed by Arc53. It simplifies the process of finding information in project documents. In versions 0.15.0 to 0.16.0 of DocsGPT, there was a command injection vulnerability. This vulnerability stemmed from bypassing MCP testing behaviors, which...

CVSS: 10, AI score: 6.3, EPSS: 0.01168
Exploits: 1, References: 2
Positive Technologies
added 2026/04/29 12:0 a.m., 8 views

PT-2026-35960

Name of the Vulnerable Software and Affected Versions: DocsGPT versions 0.15.0 through 0.15.x. Description: An attacker accessing the official website or any local and public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...

CVSS: 10, AI score: 6.8, EPSS: 0.01168
Exploits: 1, References: 9
NVD
added 2026/04/06 4:16 p.m., 5 views

CVE-2026-34753

vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...

CVSS: 5.4, EPSS: 0.00246
Exploits: 1, References: 1
RedhatCVE
added 2026/01/28 3:16 a.m., 8 views

CVE-2026-24476

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...

CVSS: 5.4, AI score: 6, EPSS: 0.00147
Exploits: 1, References: 1
NVD
added 2026/01/26 11:16 p.m., 8 views

CVE-2026-24476

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...

CVSS: 5.4, EPSS: 0.00147
Exploits: 1, References: 2
OSV
added 2026/01/26 11:16 p.m., 2 views

DEBIAN-CVE-2026-24476

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00147
Exploits: 1, References: 1