Improper Verification of Cryptographic Signature

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the ed25519.verify function. An attacker can bypass authentication and authorization logic by submitting forged non-canonical...

EUVD-2026-14301

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

Linux Distros Unpatched Vulnerability : CVE-2026-4115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc- ssh.c of the component Ed25519 Signature Handler. The...

Philips Hue Bridge 数据伪造问题漏洞

The Philips Hue Bridge is an intelligent lighting gateway device developed by the Japanese company Philips Hue. The Philips Hue Bridge has a vulnerability related to data manipulation, stemming from improper verification of encrypted signatures by the ed25519signopen function. This vulnerability...

PT-2026-23780

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge versions affected versions not specified Description A flaw exists in the Philips Hue Bridge’s hk hap component related to Ed25519 signature verification. This issue allows for authentication bypass. The vulnerability was...

CVE-2026-26319 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...

PT-2026-26977

Name of the Vulnerable Software and Affected Versions PuTTY version 0.83 Description A flaw exists in the Ed25519 Signature Handler component, specifically within the eddsa verify function of the crypto/ecc-ssh.c file. This issue involves improper verification of cryptographic signatures and can ...

Security Bulletin: Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation. IBM Robotic Process Automation uses Bouncy Catle Crypto for some cryptographic processing. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...

org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

Security Bulletin: Vulnerability with The Bouncy Castle Crypto affect IBM Cloud Object Storage Systems (July 2024v2)

Summary Vulnerability with The Bouncy Castle CryptoCVE-2024-29857, , Snappy CVE-2024-36124, CVE-2024-30171, CVE-2024-30172, This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is...

org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in ED25519 verification in the ScalarUtil class. An attacker can send a malicious signature and public key to trigger denial of service. Remediation Upgrade BouncyCastle.Cryptography to version 2.3.1 or higher. References ...