CVE-2026-22818 JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fallback)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly defi...

SAP NetWeaver 加密问题漏洞

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform primarily provides a development and runtime environment for SAP applications. SAP NetWeaver is vulnerable to a cryptographic issue that arises from the use of outdated encryption...

PT-2026-2799

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.4 Description Hono’s JWT verification middleware had a flaw where the algorithm specified in the JWT header could influence signature verification, even when the selected JWK did not explicitly define an algorithm...

CVE-2023-50939

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129...

CVE-2021-41106

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

TP-Link TL-WR820N 2.80 Weak Cryptography

TP-Link TL-WR820N version 2.80 uses weak cryptographic algorithms for SSH...

GNU Privacy Guard 2.5.16

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

SUSE CVE-2023-54250

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

EUVD-2023-60391

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

CVE-2023-54250

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

CVE-2023-54250

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

UBUNTU-CVE-2023-54250

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

CVE-2023-54250 ksmbd: avoid out of bounds access in decode_preauth_ctxt()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: avoid out of bounds access in decodepreauthctxt Confirm that the accessed pnegctxt-HashAlgorithms address sits within the SMB request boundary; deassemblenegcontexts only checks that the eight byte smb2negcontext header +...

CVE-2023-54250

In the Linux kernel ksmbd component, CVE-2023-54250 concerns an out-of-bounds access in decode_preauth_ctxt(). The issue is that the code checks only the eight-byte SMB2_neg_context header and the client-controlled DataLength, which can exceed the SMB request boundary; this is insufficient to gua...

CVE-2025-14175

The CVE-2025-14175 entry concerns the SSH server on TP-Link TL-WR820N v2.80, where weak cryptographic algorithm support is reported. The vulnerability enables an adjacent attacker to intercept and decrypt SSH traffic, impacting confidentiality. The CVSS v4.0 vector indicates an adjacent network a...

Are We Ready to Be Governed by Artificial Intelligence?

Artificial Intelligence AI overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The technologies of artificial intelligence are already pervading many aspects of democratic government, affecting our lives in ways both large and small. This has occurr...

CVE-2022-50731 crypto: akcipher - default implementation for setting a private key

In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the default implementation from setpubkey: it is assumed that an implementation must always have this callback defined as there are no u...

Post-Quantum Cryptography in the 5G Core

In this work, the conventional cryptographic algorithms used in the 5G Core are replaced with post-quantum alternatives and the practical impact of this transition is evaluated. Using a simulation environment, we model the registration and deregistration of varying numbers of user equipments UEs...

CVE-2025-13532

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...