66 matches found
Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer
Researchers have found evidence that AI conversations were inserted in Google search results to mislead macOS users into installing the Atomic macOS Stealer (AMOS). Both Grok and ChatGPT were found to have been abused in these attacks. Forensic investigation of an AMOS alert showed the infection...
EUVD-2022-5902
Malicious code in bioql PyPI...
CVE-2019-5127
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...
Node.js: fetch with integrity option is too lax when algorithm is specified but hash value is incorrect
The vulnerability in the undici library in Node.js was that the parseHashWithOptions function did not properly handle base64url-encoded hashes and invalid hashes. This allowed resources to be loaded without the expected Subresource Integrity (SRI) checks being performed...
VulnCheck KEV: CVE-2019-5128
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...
VulnCheck KEV: CVE-2019-5127
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...
CVE-2022-25898
The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature when a JWS or JWT signature with non-Base64URL-encoding special characters or number-escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...
Design/Logic Flaw
The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature when a JWS or JWT signature with non-Base64URL-encoding special characters or number-escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...
CVE-2022-25898
The CVE-2022-25898 entry concerns the jsrsasign library (pre-10.5.25) where JWS/JWT signatures with non Base64URL-encoded or escaped characters may be validated as valid. Affected component: jsrsasign; root cause: improper verification of cryptographic signatures. Impact (per sources): potential ...
CVE-2022-25898
The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature when a JWS or JWT signature with non-Base64URL-encoding special characters or number-escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...
jsrsasign data forgery vulnerability
The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 10.5.25, which stems from incorrect validation of cryptographic signatures when JWS or JWT...
Insecure Signature Verification
jsrsasign is vulnerable to insecure signature verification. The vulnerability exists because the library does not properly validate the JWS or JWT signature with non-Base64URL encoding special characters or number escaped characters such as !@$% or \11...
GHSA-3FVG-4V2M-98JF JWS and JWT signature validation vulnerability with special characters
Impact: Jsrsasign supports JWS (JSON Web Signatures) and JWT (JSON Web Token) validation. However, a JWS or JWT signature with non-Base64URL-encoding special characters or number-escaped characters may be validated as valid by mistake. For example, even if a string of non Base64URL encoding characters such...
Improper Verification of Cryptographic Signature
Overview: jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when a JWS or JWT signature with non-Base64URL-encoding special characters or number-escaped characters may be validated as valid ...
ForgeRock AM remote code execution vulnerability (CVE-2021-35464)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464). Michael Stepankin, Researcher, @artsploit. Published: 29 June 2021 at 11:23 UTC. Updated: 29 June 2021 at 18:15 UTC. While participating in one private bug bounty program, I discovered a pre-auth RCE in ForgeRock OpenAM server - a popular access manageme...
00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +4461 more potentially affected by unknown CVE via base64url (>=0.0.3 <=2.0.0)
base64url NPM version =0.0.3, =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on base64url and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z...
GHSA-RVG8-PWQ2-XJ7Q Out-of-bounds Read in base64url
Versions of base64url before 3.0.0 are vulnerable to out-of-bounds reads, as it allocates uninitialized Buffers when a number is passed as input on Node.js 4.x and below. Recommendation: Update to version 3.0.0 or later...
Out-of-bounds Read in base64url
Versions of base64url before 3.0.0 are vulnerable to out-of-bounds reads, as it allocates uninitialized Buffers when a number is passed as input on Node.js 4.x and below. Recommendation: Update to version 3.0.0 or later...
CVE-2019-5128
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...
CVE-2019-5129
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...