| 601 | 6.5 | MEDIUM | Network | wolfssl | wolfssl | PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the loc… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-6329 | 2026-06-28 04:51 | 2026-06-26 |
| 602 | 6.5 | MEDIUM | Network | wolfssl | wolfssl | The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The consta… | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2026-6330 | 2026-06-28 04:50 | 2026-06-26 |
| 603 | 7.5 | HIGH | Network | wolfssl | wolfssl | HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signatur… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-6331 | 2026-06-28 04:48 | 2026-06-26 |
| 604 | 7.5 | HIGH | Network | wolfssl | wolfssl | PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted. | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-7511 | 2026-06-28 04:48 | 2026-06-26 |
| 605 | 7.5 | HIGH | Network | wolfssl | wolfssl | iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP addr… | CWE-295 Improper Certificate Validation | CVE-2026-7532 | 2026-06-28 04:46 | 2026-06-26 |
| 606 | 7.5 | HIGH | Network | wolfssl | wolfssl | wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the … | CWE-354 Improper Validation of Integrity Check Value | CVE-2026-8720 | 2026-06-28 04:43 | 2026-06-26 |
| 607 | 10.0 | CRITICAL | Network | wso2 | api_manager | The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an at… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-2053 | 2026-06-28 04:38 | 2026-06-26 |
| 608 | 9.8 | CRITICAL | Network | jetbrains | kotlin | In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata | CWE-502 Deserialization of Untrusted Data | CVE-2026-53914 | 2026-06-28 04:36 | 2026-06-26 |
| 609 | 7.5 | HIGH | Network | jetbrains | youtrack | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint | CWE-862 Missing Authorization | CVE-2026-57921 | 2026-06-28 04:35 | 2026-06-26 |
| 610 | 5.3 | MEDIUM | Network | jetbrains | youtrack | In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible | CWE-862 Missing Authorization | CVE-2026-57922 | 2026-06-28 04:33 | 2026-06-26 |