76 matches found
SUSE CVE-2026-46344
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
CVE-2026-44518
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...
CVE-2026-46344
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
EUVD-2026-33413
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
CVE-2026-44518 liboqs: XMSS Buffer Overread Bug
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...
EUVD-2026-33412
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...
CVE-2026-44518 liboqs: XMSS Buffer Overread Bug
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...
CVE-2026-44518
liboqs (C library for post-quantum crypto) exposes a buffer overread in XMSS/XMSS^MT stateful signature verification prior to 0.16.0. If verify is called with a signature shorter than the parameter’s sig_bytes, length isn't validated and the code reads past the end of the signature buffer. The ex...
PT-2026-44940
Name of the Vulnerable Software and Affected Versions: liboqs versions prior to 0.16.0. Description: An out-of-bounds read exists in the XMSS and XMSS^MT stateful signature verification code. This occurs when the verification function is called with a signature buffer sized for the declared algorith...
SUSE CVE-2026-44309
Gitsign is a keyless Sigstore signing tool for Git commits using your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify process. An attacker can cause trust confusion by submitting a commit object with duplicate tree headers, resulting in different interpretations between git-core and go-git,...
CVE-2026-44309
Gitsign is a keyless Sigstore signing tool for Git commits using your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...
CVE-2026-26015
DocsGPT (0.15.0–0.15.x) contains a remote code execution flaw via the Model Context Protocol (MCP) STDIO interface. An attacker can craft a payload through the DocsGPT website or any deployment that bypasses the MCP test, enabling arbitrary OS command execution. The issue is patchable by upgradin...
EUVD-2026-26258
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local and public deployment can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...
DocsGPT Command Injection Vulnerability
DocsGPT is a cutting-edge open-source solution developed by Arc53. It simplifies the process of finding information in project documents. In versions 0.15.0 to 0.16.0 of DocsGPT, there was a command injection vulnerability. This vulnerability stemmed from bypassing MCP testing behaviors, which...
PT-2026-35960
Name of the Vulnerable Software and Affected Versions: DocsGPT versions 0.15.0 through 0.15.x. Description: An attacker accessing the official website or any local and public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...
CVE-2026-34753
vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...
CVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...
CVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...
DEBIAN-CVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with " prematurely ends the tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue...