Lucene search
+L

283 matches found

RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.9 views

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS5.7AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 7:21 p.m.7 views

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS0.00286EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/18 6:42 p.m.27 views

CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS0.00286EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/18 6:42 p.m.3 views

CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS5.7AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/02/18 6:42 p.m.15 views

CVE-2025-69287

CVE-2025-69287 relates to the BSV Blockchain SDK prior to v2.0.0, where the TypeScript SDK’s BRC-104 mutual authentication data preparation was flawed. Specifically, processInitialRequest/processInitialResponse concatenated base64 nonce strings and decoded the result, producing ~32–34 bytes of si...

5.4CVSS5.7AI score0.00286EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 6:42 p.m.8 views

CVE-2025-69287 BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS5.7AI score0.00286EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/17 4:13 p.m.4 views

Improper Following of Specification by Caller

Overview @bsv/sdk is a BSV Blockchain Software Development Kit Affected versions of this package are vulnerable to Improper Following of Specification by Caller in the Peer class, used by the processInitialRequest and processInitialResponse methods. An attacker can cause a signature to be...

7.3CVSS5.6AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.12 views

PT-2026-20262

Name of the Vulnerable Software and Affected Versions BSV Blockchain SDK versions prior to 2.0.0 Description A cryptographic issue exists in the BSV Blockchain SDK's BRC-104 authentication implementation. Specifically, incorrect signature data preparation in the Peer.ts file, within the...

5.4CVSS5.4AI score0.00286EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/02/01 12:0 a.m.9 views

SMCP: Secure Model Context Protocol

Agentic AI systems built around large language models LLMs are moving away from closed, single-model frameworks and toward open ecosystems that connect a variety of agents, external tools, and resources. The Model Context Protocol MCP has emerged as a standard to unify tool access, allowing agent...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.17 views

CVE-2019-18246

BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure...

4.3CVSS7.3AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.4 views

CVE-2023-31127

libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...

9CVSS6.9AI score0.00943EPSS
Exploits0References1
OSV
OSV
added 2026/01/08 12:31 a.m.5 views

GHSA-VJ87-JJ27-4H9C wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS6.7AI score0.00272EPSS
Exploits0References5
OSV
OSV
added 2026/01/08 12:15 a.m.4 views

DEBIAN-CVE-2025-15346

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS6.7AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.6 views

wolfssl-py 安全漏洞

wolfssl-py is an open source Python packaging tool from wolfSSL. A security vulnerability exists in wolfssl-py version 5.8.2 and earlier that stems from not fully enforcing client certificate requirements, which could lead to improper authentication and bypassing mutual TLS client authentication...

9.3CVSS6.6AI score0.00272EPSS
Exploits0References3
CVE
CVE
added 2026/01/07 11:32 p.m.27 views

CVE-2025-15346

The wolfssl-py Python package is affected by CVE-2025-15346 due to improper enforcement of client certificate requirements when verify_mode is CERT_REQUIRED. The root cause is failure to include WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, making behavior effectively CERT_OPTIONAL: a peer certificate is ...

9.3CVSS6.4AI score0.00272EPSS
Exploits0References3
OSV
OSV
added 2026/01/07 11:32 p.m.6 views

CVE-2025-15346 wolfSSL Python library `CERT_REQUIRED` mode fails to enforce client certificate requirement

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS5.9AI score0.00272EPSS
Exploits0References7
CVE
CVE
added 2026/01/07 7:56 p.m.20 views

CVE-2025-61939

CVE-2025-61939 concerns Columbia Weather Systems MicroServer. An unused function can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker on a local network with admin access to the MicroServer web portal and the ability to manipulate DNS resp...

8.8CVSS6.2AI score0.00241EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.11 views

PT-2026-21768

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 Description Caddy, an extensible server platform that uses TLS by default, has an issue where mTLS client certificate authentication can silently fail open under certain conditions. Specifically, if a CA...

9.9CVSS5.2AI score0.34346EPSS
Exploits45References123
Packet Storm News
Packet Storm News
added 2025/12/25 12:0 a.m.7 views

Securing Cross-Domain Internet of Drones: An RFF-PUF Allied Authenticated Key Exchange Protocol with Over-The-Air Enrollment

The Internet of Drones IoD is an emerging and crucial paradigm enabling advanced applications that require seamless, secure communication across heterogeneous and untrusted domains. In such environments, access control and the transmission of sensitive data pose significant security challenges fo...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/09 12:0 a.m.5 views

Analysis of the Security Design, Engineering, and Implementation of the SecureDNA System

We analyze security aspects of the SecureDNA system regarding its system design, engineering, and implementation. This system enables DNA synthesizers to screen order requests against a database of hazards. By applying novel cryptography, the system aims to keep order requests and the database of...

7.3AI score
Exploits0
Rows per page
Query Builder