283 matches found
CVE-2025-69287
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...
CVE-2025-69287
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...
CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...
CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...
CVE-2025-69287
CVE-2025-69287 relates to the BSV Blockchain SDK prior to v2.0.0, where the TypeScript SDK’s BRC-104 mutual authentication data preparation was flawed. Specifically, processInitialRequest/processInitialResponse concatenated base64 nonce strings and decoded the result, producing ~32–34 bytes of si...
CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...
Improper Following of Specification by Caller
Overview @bsv/sdk is a BSV Blockchain Software Development Kit Affected versions of this package are vulnerable to Improper Following of Specification by Caller in the Peer class, used by the processInitialRequest and processInitialResponse methods. An attacker can cause a signature to be...
PT-2026-20262
Name of the Vulnerable Software and Affected Versions BSV Blockchain SDK versions prior to 2.0.0 Description A cryptographic issue exists in the BSV Blockchain SDK's BRC-104 authentication implementation. Specifically, incorrect signature data preparation in the Peer.ts file, within the...
SMCP: Secure Model Context Protocol
Agentic AI systems built around large language models LLMs are moving away from closed, single-model frameworks and toward open ecosystems that connect a variety of agents, external tools, and resources. The Model Context Protocol MCP has emerged as a standard to unify tool access, allowing agent...
CVE-2019-18246
BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure...
CVE-2023-31127
libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...
GHSA-VJ87-JJ27-4H9C wolfSSL Python module vulnerable to Improper Authentication
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
DEBIAN-CVE-2025-15346
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
wolfssl-py 安全漏洞
wolfssl-py is an open source Python packaging tool from wolfSSL. A security vulnerability exists in wolfssl-py version 5.8.2 and earlier that stems from not fully enforcing client certificate requirements, which could lead to improper authentication and bypassing mutual TLS client authentication...
CVE-2025-15346
The wolfssl-py Python package is affected by CVE-2025-15346 due to improper enforcement of client certificate requirements when verify_mode is CERT_REQUIRED. The root cause is failure to include WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, making behavior effectively CERT_OPTIONAL: a peer certificate is ...
CVE-2025-15346 wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement
A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...
CVE-2025-61939
CVE-2025-61939 concerns Columbia Weather Systems MicroServer. An unused function can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker on a local network with admin access to the MicroServer web portal and the ability to manipulate DNS resp...
PT-2026-21768
Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 Description Caddy, an extensible server platform that uses TLS by default, has an issue where mTLS client certificate authentication can silently fail open under certain conditions. Specifically, if a CA...
Securing Cross-Domain Internet of Drones: An RFF-PUF Allied Authenticated Key Exchange Protocol with Over-The-Air Enrollment
The Internet of Drones IoD is an emerging and crucial paradigm enabling advanced applications that require seamless, secure communication across heterogeneous and untrusted domains. In such environments, access control and the transmission of sensitive data pose significant security challenges fo...
Analysis of the Security Design, Engineering, and Implementation of the SecureDNA System
We analyze security aspects of the SecureDNA system regarding its system design, engineering, and implementation. This system enables DNA synthesizers to screen order requests against a database of hazards. By applying novel cryptography, the system aims to keep order requests and the database of...