481 matches found
ALTCHA data forgery issue vulnerability
ALTCHA is a self-hosted CAPTCHA software from ALTCHA Open Source. ALTCHA suffers from a Data Forgery Problem vulnerability that stems from HMAC signatures not explicitly bound to challenge parameters, which could lead to replay attacks...
Ivanti Endpoint Manager data forgery issue vulnerability
Ivanti Endpoint Manager (EPM) is a suite of endpoint security managers from Ivanti USA. A data forgery issue vulnerability exists in versions prior to Ivanti Endpoint Manager 2024 SU4 SR1 that stems from improper cryptographic signature validation and could lead to remote code execution...
Adobe Acrobat Reader data forgery issue vulnerability
Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, and 20.005.30803 and prior versions have a data forgery issue...
Adobe Acrobat Reader data forgery issue vulnerability
Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, and 20.005.30803 and earlier versions have a data forgery issue vulnerability...
Fortinet FortiWeb data forgery issue vulnerability
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A data forgery vulnerability exists in...
Ruby SAML data forgery issue vulnerability
Ruby SAML is a SAML-Toolkits open source implementation of a SAML authorization client. Ruby SAML 1.12.4 and prior versions suffer from a Data Forgery Issue vulnerability that stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...
OneLogin ruby-saml data forgery issue vulnerability
OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for single sign-on (SSO) services from OneLogin, USA. A data forgery issue vulnerability exists in OneLogin ruby-saml version 1.12.4 and earlier, which stems from XML parsing differences and could lead to...
node-jws data forgery issue vulnerability
node-jws is a JSON Web signature library open-sourced by Auth0. A data forgery issue vulnerability exists in node-jws versions 3.2.2 and earlier and 4.0.0, which stems from improper HS256 algorithm signature validation and could lead to signature validation bypass...
OrangeHRM data forgery issue vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions 5.0 through 5.7 are vulnerable to a data forgery issue that...
cggmp21 data forgery issue vulnerability
cggmp21 is a Rust library open-sourced by Lockness. A data forgery issue vulnerability exists in versions prior to cggmp21 0.6.3, which stems from a missing check in the ZK proof that could lead to a malicious signer reconstructing the full private key...
WordPress plugin Subscriptions & Memberships for PayPal data forgery issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A data forgery...
Evervault Go SDK data forgery issue vulnerability
Evervault Go SDK is an open source development toolkit from Evervault. A Data Forgery Issue vulnerability exists in Evervault Go SDK versions prior to 1.3.2, which stems from incomplete validation logic that could lead to trusting an enclave operator that does not meet integrity guarantees...
JetBrains ReSharper data forgery issue vulnerability
JetBrains ReSharper is a Visual Studio extension for .NET development from the Czech company JetBrains. The program is mainly used for code quality analysis, code error alerts and other functions. A data forgery issue vulnerability exists in JetBrains ReSharper versions prior to 2025.2.4, which...
D-Link DAP-2695 data forgery issue vulnerability
The D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link of China. A data forgery issue vulnerability exists in the D-Link DAP-2695 version 2.00RC13, which stems from the function sub40C6B8 in the Firmware Update Handler component not properly verifying the...
Always Encrypted Kubernetes data forgery issue vulnerability
Always Encrypted Kubernetes is a container encryption software open source by Edgeless Systems. A data forgery issue vulnerability exists in versions prior to Always Encrypted Kubernetes 2.24.0 that stems from insecure handling of the empty key slot algorithm, which could lead to unencrypted...
Fortinet FortiClient MacOS installer data forgery issue vulnerability
Fortinet FortiClient MacOS installer is a client installer from Fortinet. The Fortinet FortiClient MacOS installer suffers from a data forgery issue vulnerability that stems from improper cryptographic signature validation, which can be exploited by an attacker to cause elevation of privilege for...
Microsoft Playwright data forgery issue vulnerability
Microsoft Playwright is an automation framework from Microsoft Corporation USA. Microsoft Playwright suffers from a Data Forgery Issue vulnerability, which can be exploited by an attacker to perform spoofing attacks...
Fortinet FortiClient MacOS installer data forgery issue vulnerability
Fortinet FortiClient MacOS installer is a client installer from Fortinet. The Fortinet FortiClient MacOS installer suffers from a data forgery issue vulnerability that stems from improper cryptographic signature validation, which can be exploited by an attacker to cause elevation of privilege for...
EUVD-2019-16035
Malware in sbrugna...
WordPress plugin OAuth Single Sign On – SSO (OAuth Client) data forgery issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A data forgery issue...