888 matches found
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output when JsonTemplateLayout logs a MapMessage. An attacker can cause downstream log processing systems to reject or fail to index affected records by supplying non-finite floating-point values such as...
CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
SUSE CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
📄 PEGA Infinity Brute Force / Insecure Direct Object Reference
PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...
CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614
CVE-2026-32614 concerns the Go ShangMi (GMSM) library’s SM9 decryption, where the ciphertext can be forged if the point C1 is the point at infinity. The root cause is that during decryption, C1 is deserialized and checked for curve membership, but the code does not reject the point at infinity, a...
CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
CVE-2026-32614 Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability
Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...
GO-2026-4694 SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm
SM9 Infinity-Point Ciphertext Forgery Vulnerability in github.com/emmansun/gmsm...
EUVD-2026-12101
SM9 Infinity-Point Ciphertext Forgery Vulnerability...
GHSA-5XXP-2VRJ-X855 SM9 Infinity-Point Ciphertext Forgery Vulnerability
Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...
SM9 Infinity-Point Ciphertext Forgery Vulnerability
Overview The current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly...
PT-2026-25376
Name of the Vulnerable Software and Affected Versions Go ShangMi Commercial Cryptography Library GMSM versions prior to 0.41.1 Description The Go ShangMi Commercial Cryptography Library GMSM contains a cryptographic vulnerability in the SM9 decryption implementation. The issue stems from a failur...
CVE-2023-31455
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort...
CVE-2023-31289
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort...
CVE-2018-10432
Pexip Infinity before 18 allows Remote Denial of Service TLS handshakes in RTMP...
CVE-2018-10585
Pexip Infinity before 18 allows remote Denial of Service XML parsing...