| 261 | 7.5 | HIGH | Network | wolfssl | wolfssl | HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signatur… | New | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-6331 | 2026-06-28 04:48 | 2026-06-26 |
| 262 | 7.5 | HIGH | Network | wolfssl | wolfssl | PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted. | New | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-7511 | 2026-06-28 04:48 | 2026-06-26 |
| 263 | 7.5 | HIGH | Network | wolfssl | wolfssl | iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP addr… | New | CWE-295 Improper Certificate Validation | CVE-2026-7532 | 2026-06-28 04:46 | 2026-06-26 |
| 264 | 7.5 | HIGH | Network | wolfssl | wolfssl | wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the … | New | CWE-354 Improper Validation of Integrity Check Value | CVE-2026-8720 | 2026-06-28 04:43 | 2026-06-26 |
| 265 | 10.0 | CRITICAL | Network | wso2 | api_manager | The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an at… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-2053 | 2026-06-28 04:38 | 2026-06-26 |
| 266 | 9.8 | CRITICAL | Network | jetbrains | kotlin | In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-53914 | 2026-06-28 04:36 | 2026-06-26 |
| 267 | 7.5 | HIGH | Network | jetbrains | youtrack | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint | New | CWE-862 Missing Authorization | CVE-2026-57921 | 2026-06-28 04:35 | 2026-06-26 |
| 268 | 5.3 | MEDIUM | Network | jetbrains | youtrack | In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible | New | CWE-862 Missing Authorization | CVE-2026-57922 | 2026-06-28 04:33 | 2026-06-26 |
| 269 | 7.5 | HIGH | Network | jetbrains | youtrack | In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings | New | CWE-862 Missing Authorization | CVE-2026-57923 | 2026-06-28 04:32 | 2026-06-26 |
| 270 | 5.3 | MEDIUM | Network | jetbrains | youtrack | In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details | New | CWE-276 Incorrect Default Permissions | CVE-2026-57924 | 2026-06-28 04:31 | 2026-06-26 |