CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
The vulnerability in PKCS7_verify allows signer confusion, enabling forged signatures to be accepted. The lack of proper binding between a signature and its signer bypasses verification mechanisms.
Vulnerability in EVP_DigestVerifyFinal allows forgery of zero-length HMAC tags. In the OpenSSL-compatible HMAC verification path, only the supplied signature length not exceeding the MAC length was checked, allowing zero-length or truncated tags to be accepted. The fix requires the supplied tag length to exactly equal the MAC length and rejects zero-length tags.
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path.
The vulnerability in PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS#12 structure using a length taken directly from the attacker-supplied input, without first verifying that it equals the length of the digest actually produced by the configured algorithm. A truncated or zero-length stored MAC could therefore be accepted, defeating the integrity protection of the MAC.
The vulnerability allows an out-of-bounds write in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list, potentially leading to a buffer overflow.
Vulnerability in TLS/DTLS implementation where, when HAVE_ENCRYPT_THEN_MAC is configured, the system may incorrectly fall back to MAC-then-Encrypt instead of enforcing Encrypt-then-MAC.
Vulnerability in TLS 1.3 post-handshake authentication (PHA) where a server could accept a client's Finished message without requiring a certificate and CertificateVerify. The issue was due to incorrectly applying the empty certificate exemption intended only for the initial handshake, also during an outstanding post-handshake CertificateRequest.
The WebSocket backend uses predictable session identifiers because multiple endpoints can connect using the same session identifier. This allows unauthorized users to impersonate others or cause a denial-of-service condition by overwhelming the backend with valid session requests.
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access.
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
The vulnerability in WebSocket endpoints is due to the lack of proper authentication mechanisms, allowing attackers to impersonate charging stations. As a result, an attacker can gain unauthorized access to sensitive data or perform unauthorized actions.
A heap-based buffer overflow vulnerability has been discovered in the vtk-dicom library, specifically in the vtkDICOMItem::NewDataElement function. This flaw could allow an attacker to execute arbitrary code remotely via a specially crafted DICOM file.
Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page.
Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device.
Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.
A server-side request forgery (SSRF) vulnerability was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import locations, causing the registry to issue HTTP requests to arbitrary internal URLs.
A flaw was found in Apicurio Registry where the ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs with default configuration) can upload a crafted XML document to trigger blind server-side request forgery (SSRF) via external DTD/entity fetch, or cause denial of service via entity expansion.
A flaw was found in Keycloak where JWT algorithm confusion in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens and impersonate any federated user linked to the affected Identity Provider.
The vulnerability involves missing SNI/ALPN binding on stateful (session-ID) resumption, allowing a cached session to be resumed under a different SNI/ALPN than originally negotiated. Where client-authentication policy differs across virtual hosts, this could carry the cached peer-authentication state into an unintended context.
A vulnerability in the wolfSSL_OCSP_resp_find_status function of the wolfSSL library causes serial number comparison in OCSP responses to not require equal length. This allows a SingleResponse for a certificate whose serial is a prefix of the target's serial to be incorrectly matched, returning the wrong certificate's revocation status.

