484 matches found
cosign 数据伪造问题漏洞
cosign is a container signing, verification and storage in an OCI registry in the United States. A data forgery issue vulnerability exists in Cosign versions prior to 2.6.2 and prior to 3.0.4, which stems from a specially crafted Cosign package being able to validate successfully even if the...
GNUPG 数据伪造问题漏洞
GNUPG is a suite of open source cryptographic software from the American GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. A data forgery issue vulnerability exists in GNUPG 2.4.8 and earlier versions, which...
Ever Gauzy Platform 数据伪造问题漏洞
Ever Gauzy Platform is an open source business management platform from Ever. A Data Forgery Issue vulnerability exists in Ever Gauzy Platform version v0.281.9, which stems from an improper implementation of JWT authentication that could lead to unauthorized access...
ALTCHA 数据伪造问题漏洞
ALTCHA is a self-hosted CAPTCHA software from ALTCHA Open Source. ALTCHA suffers from a Data Forgery Problem vulnerability that stems from HMAC signatures not explicitly bound to challenge parameters, which could lead to replay attacks...
OneLogin ruby-saml 数据伪造问题漏洞
Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A data forgery issue vulnerability exists in OneLogin ruby-saml version 1.12.4 and earlier, which stems from XML parsing differences and could lead to...
Ruby SAML 数据伪造问题漏洞
Ruby SAML is a SAML-Toolkits open source implementation of a SAML authorization client. Ruby SAML 1.12.4 and prior versions suffer from a Data Forgery Issue vulnerability that stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...
Adobe Acrobat Reader 数据伪造问题漏洞
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader versions 24.001.30264 and 20.005.30793 and 25.001.20982 and 24.001.30273 and 20.005.30803 and prior versions have a data forgery issue...
Adobe Acrobat Reader 数据伪造问题漏洞
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, and 20.005.30803 and earlier versions have a data forgery issue vulnerability...
Ivanti Endpoint Manager 数据伪造问题漏洞
Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti USA. A data forgery issue vulnerability exists in versions prior to Ivanti Endpoint Manager 2024 SU4 SR1 that stems from improper cryptographic signature validation and could lead to remote code execution...
Fortinet FortiWeb 数据伪造问题漏洞
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A data forgery vulnerability exists in...
node-jws 数据伪造问题漏洞
node-jws is a JSON Web signature library open-sourced by Auth0. A data forgery issue vulnerability exists in node-jws versions 3.2.2 and earlier and 4.0.0, which stems from improper HS256 algorithm signature validation and could lead to signature validation bypass...
OrangeHRM 数据伪造问题漏洞
OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions 5.0 through 5.7 are vulnerable to a data forgery issue that...
cggmp21 数据伪造问题漏洞
cggmp21 is a Rust library open-sourced by Lockness. A data forgery issue vulnerability exists in versions prior to cggmp21 0.6.3, which stems from a missing check in the ZK proof that could lead to a malicious signer reconstructing the full private key...
WordPress plugin Subscriptions & Memberships for PayPal 数据伪造问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A data forgery...
Evervault Go SDK 数据伪造问题漏洞
Evervault Go SDK is an open source development toolkit from Evervault. A Data Forgery Issue vulnerability exists in Evervault Go SDK versions prior to 1.3.2, which stems from incomplete validation logic that could lead to trusting an enclave operator that does not meet integrity guarantees...
JetBrains ReSharper 数据伪造问题漏洞
JetBrains ReSharper is a Visual Studio extension for .NET development from the Czech company JetBrains. The program is mainly used for code quality analysis, code error alerts and other functions. A data forgery issue vulnerability exists in JetBrains ReSharper versions prior to 2025.2.4, which...
Always Encrypted Kubernetes 数据伪造问题漏洞
Always Encrypted Kubernetes is a container encryption software open source by Edgeless Systems. A data forgery issue vulnerability exists in versions prior to Always Encrypted Kubernetes 2.24.0 that stems from insecure handling of the empty key slot algorithm, which could lead to unencrypted...
D-Link DAP-2695 数据伪造问题漏洞
The D-Link DAP-2695 is a high-performance dual-band wireless access point from China AUO D-Link. A data forgery issue vulnerability exists in the D-Link DAP-2695 version 2.00RC13, which stems from the function sub40C6B8 in the Firmware Update Handler component not properly verifying the...
Fortinet FortiClient MacOS installer data forgery issue vulnerability
Fortinet FortiClient MacOS installer is a client installer from Fortinet. The Fortinet FortiClient MacOS installer suffers from a data forgery issue vulnerability that stems from improper cryptographic signature validation, which can be exploited by an attacker to cause elevation of privilege for...
Fortinet FortiClient MacOS installer 数据伪造问题漏洞
Fortinet FortiClient MacOS installer is a client installer from Fortinet. The Fortinet FortiClient MacOS installer suffers from a data forgery issue vulnerability that stems from improper cryptographic signature validation, which can be exploited by an attacker to cause elevation of privilege for...