Total
143 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26275 | 1 Junkurihara | 1 Httpsig-hyper | 2026-03-03 | N/A | 7.5 HIGH |
|
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, the comparison `if matches!(digest, _expected_digest)` treated `_expected_digest` as a pattern binding rather than a value comparison, resulting in unconditional success of the match expression. As a consequence, digest verification could incorrectly ret ...
Show More |
|||||
| CVE-2026-28402 | 2026-03-02 | N/A | 7.1 HIGH | ||
|
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later c ...
Show More |
|||||
| CVE-2019-1163 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2026-02-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature.
To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file.
The update addresses the vulnerability by correcting how Windows validates file signatures.
|
|||||
| CVE-2026-25934 | 1 Go-git Project | 1 Go-git | 2026-02-20 | N/A | 4.3 MEDIUM |
|
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform inte ...
Show More |
|||||
| CVE-2023-41970 | 1 Zscaler | 1 Client Connector | 2026-02-19 | N/A | 6.0 MEDIUM |
|
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.
|
|||||
| CVE-2024-23462 | 1 Zscaler | 1 Client Connector | 2026-02-17 | N/A | 3.3 LOW |
|
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.
|
|||||
| CVE-2024-23461 | 1 Zscaler | 1 Client Connector | 2026-02-17 | N/A | 4.2 MEDIUM |
|
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.
|
|||||
| CVE-2025-39203 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | N/A | 6.5 MEDIUM |
|
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.
|
|||||
| CVE-2025-11543 | 1 Sharp | 52 Np-cr5450h, Np-cr5450h Firmware, Np-cr5450hl and 49 more | 2026-01-15 | N/A | 9.8 CRITICAL |
|
Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
|
|||||
| CVE-2023-28802 | 1 Zscaler | 1 Client Connector | 2026-01-06 | N/A | 4.9 MEDIUM |
|
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.
|
|||||
| CVE-2025-24148 | 1 Apple | 1 Macos | 2025-12-26 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks.
|
|||||
| CVE-2025-33193 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 5.7 MEDIUM |
|
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure.
|
|||||
| CVE-2019-11753 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2025-11-25 | 4.6 MEDIUM | 7.8 HIGH |
|
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if th ...
Show More |
|||||
| CVE-2025-4616 | 2025-11-18 | N/A | N/A | ||
|
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.
|
|||||
| CVE-2025-55155 | 1 Mantisbt | 1 Mantisbt | 2025-11-10 | N/A | 5.4 MEDIUM |
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.
|
|||||
| CVE-2023-48795 | 42 9bis, Apache, Apple and 39 more | 68 Kitty, Sshd, Sshj and 65 more | 2025-11-04 | N/A | 5.9 MEDIUM |
|
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the ha ...
Show More |
|||||
| CVE-2024-3596 | 3 Broadcom, Freeradius, Sonicwall | 4 Brocade Sannav, Fabric Operating System, Freeradius and 1 more | 2025-11-04 | N/A | 9.0 CRITICAL |
|
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
|
|||||
| CVE-2024-49875 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: map the EBADMSG to nfserr_io to avoid warning
Ext4 will throw -EBADMSG through ext4_readdir when a checksum error
occurs, resulting in the following WARNING.
Fix it by mapping EBADMSG to nfserr_io.
nfsd_buffered_readdir
iterate_dir // -EBADMSG -74
ext4_readdir // .iterate_shared
ext4_dx_readdir
ext4_htree_fill_tree
htree_dirblock_to_tree
ext4_read_dirblock
__ext4_read_dirblock
ext4_d ...
Show More |
|||||
| CVE-2024-52550 | 1 Jenkins | 1 Pipeline\ | 2025-10-10 | N/A | 8.0 HIGH |
|
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
|
|||||
| CVE-2024-47255 | 1 2n | 1 Access Commander | 2025-09-04 | N/A | 4.7 MEDIUM |
|
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary
code execution with root permissions.
|
|||||
| CVE-2024-7402 | 2025-08-15 | N/A | N/A | ||
|
Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.
|
|||||
| CVE-2025-54887 | 2025-08-08 | N/A | 9.1 CRITICAL | ||
|
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if th ...
Show More |
|||||
| CVE-2024-47573 | 1 Fortinet | 1 Fortindr | 2025-07-24 | N/A | 6.5 MEDIUM |
|
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
|
|||||
| CVE-2025-7096 | 1 Comodo | 1 Internet Security | 2025-07-18 | 7.6 HIGH | 8.1 HIGH |
|
A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early ab ...
Show More |
|||||
| CVE-2025-3247 | 1 Rocklobster | 1 Contact Form 7 | 2025-07-08 | N/A | 5.3 MEDIUM |
|
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fu ...
Show More |
|||||
| CVE-2024-46992 | 2025-07-03 | N/A | 7.8 HIGH | ||
|
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macOS are not impacte ...
Show More |
|||||
| CVE-2025-25183 | 1 Vllm | 1 Vllm | 2025-07-01 | N/A | 2.6 LOW |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of ...
Show More |
|||||
| CVE-2024-31958 | 1 Samsung | 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more | 2025-06-26 | N/A | 6.8 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor EExynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in an Out-of-Bounds Write.
|
|||||
| CVE-2024-25678 | 1 Litespeedtech | 1 Lsquic | 2025-06-20 | N/A | 9.8 CRITICAL |
|
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
|
|||||
| CVE-2024-51141 | 1 Totolink | 2 A6000ub, A6000ub Firmware | 2025-06-17 | N/A | 7.8 HIGH |
|
An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.
|
|||||
| CVE-2025-4418 | 2025-06-16 | N/A | 4.4 MEDIUM | ||
|
An improper validation of integrity check value vulnerability exists in
AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited,
could allow a miscreant with elevated privileges to modify PI Connector
for CygNet local data files (cache and buffers) in a way that causes the
connector service to become unresponsive.
|
|||||
| CVE-2023-42143 | 1 Shelly | 2 Trv, Trv Firmware | 2025-05-30 | N/A | 5.4 MEDIUM |
|
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware.
|
|||||
| CVE-2025-3479 | 1 Wpmudev | 1 Forminator Forms | 2025-05-28 | N/A | 5.3 MEDIUM |
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transac ...
Show More |
|||||
| CVE-2022-38956 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2025-05-28 | N/A | 5.3 MEDIUM |
|
An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier.
|
|||||
| CVE-2022-38955 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2025-05-28 | N/A | 7.5 HIGH |
|
An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.
|
|||||
| CVE-2020-6228 | 1 Sap | 1 Business Client | 2025-05-27 | 4.3 MEDIUM | 7.5 HIGH |
|
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
|
|||||
| CVE-2018-5382 | 2 Bouncycastle, Redhat | 3 Bc-java, Satellite, Satellite Capsule | 2025-05-12 | 3.6 LOW | 4.4 MEDIUM |
|
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library ...
Show More |
|||||
| CVE-2018-6336 | 1 Linuxfoundation | 1 Osquery | 2025-05-06 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
|
|||||
| CVE-2023-2975 | 2 Netapp, Openssl | 3 Management Services For Element Software And Netapp Hci, Ontap Select Deploy Administration Utility, Openssl | 2025-04-23 | N/A | 5.3 MEDIUM |
|
Issue summary: The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.
Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be misled by removing,
adding or reordering such empty entries as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.
The AES-SIV algorithm allows for authentic ...
Show More |
|||||
| CVE-2024-56169 | 1 Nicmx | 1 Fort Validator | 2025-04-22 | N/A | 5.3 MEDIUM |
|
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplet ...
Show More |
|||||