42 matches found
PYSEC-2026-326 dcap-qvl has Missing Verification for QE Identity
Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...
darksword-Exploit
🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...
EUVD-2026-4661
dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...
CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity
dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...
PT-2026-4820
Name of the Vulnerable Software and Affected Versions dcap-qvl versions prior to 0.3.9 Description The dcap-qvl library contains a flaw in its quote verification logic. The library retrieves QE Identity collateral from the PCCS, but fails to verify the QE Identity signature against its certificat...
EUVD-2006-5998
Malware in sbrugna...
EUVD-2019-15418
Malware in sbrugna...
EUVD-2019-15424
Malware in sbrugna...
EUVD-2024-1217
Malicious code in bioql PyPI...
CVE-2024-31995
@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...
CVE-2023-41037
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
CVE-2025-47934
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
CVE-2025-47934
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
CVE-2025-47934
OpenPGP.js CVE-2025-47934 affects versions prior to 5.11.3 and 6.1.1, where a maliciously modified message can cause openpgp.verify or openpgp.decrypt to return a valid signature verification while the data may not have been signed. This affects inline-signed messages and signed-and-encrypted mes...
CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
PT-2024-10797 · Unknown · Html2Markdown
Name of the Vulnerable Software and Affected Versions: HTML2Markdown versions all available versions Description: The issue concerns a Regular Expression Denial of Service ReDoS in the HTML2Markdown Javascript implementation, which is used for converting HTML to Markdown text. No known patches ar...
[SECURITY] [DLA 3665-1] node-json5 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3665-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 25, 2023 https://wiki.debian.org/LTS -...
CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over
Since the beginning of July, Cisco Talos has published 40 vulnerability advisories affecting a range of software and hardware, including the Microsoft Edge browser. In our new series called "Vulnerability Roundup," well be recapping the vulnerabilities we recently disclosed to provide readers wit...