570 matches found
CVE-2026-23965 sm-crypto Affected by Signature Forgery in SM2-DSA
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...
CVE-2026-23965
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...
CVE-2026-23965
CVE-2026-23965 affects the JavaScript library sm-crypto, which implements SM2/SM3/SM4. The issue lies in the SM2 signature verification logic in versions prior to 0.4.0. Under default configurations, an attacker can forge valid signatures for arbitrary public keys, enabling signature forgery. If ...
CVE-2026-23965 sm-crypto Affected by Signature Forgery in SM2-DSA
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...
CVE-2026-23967
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
sm-crypto data forgery vulnerability
sm-crypto is an encryption algorithm developed by June01, a personal developer. Versions of sm-crypto prior to 0.4.0 had a data forgery vulnerability. This vulnerability stemmed from defects in the SM2 signature verification logic, which could lead to signature forgery...
sm-crypto Affected by Signature Forgery in SM2-DSA
Summary A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the messag...
GHSA-HPWG-XG7M-3P6M sm-crypto Affected by Signature Forgery in SM2-DSA
Summary A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the messag...
Improper Verification of Cryptographic Signature
Overview sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the SM2 signature verification process. An attacker can create a new valid signature for a previously signed message by manipulating an existing signature...
PT-2026-3892
Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.4.0 Description sm-crypto provides JavaScript implementations of Chinese cryptographic algorithms SM2, SM3, and SM4. A flaw exists in the SM2 signature verification logic that allows an attacker to forge valid...
Siemens Ruggedcom ROX Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2022-34903)
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line. This plugin only works with Tenable.ot. Please visit...
Unity Linux 20.1070e Security Update: poppler (UTSA-2025-993337)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993337 advisory. NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. Tenable ha...
DEBIAN-CVE-2025-68972
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...
cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures
Impact This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously users could generate a presignature, and then choose a HD derivation path while issuing a partial signature via...
CGGMP21 presignatures can be used in the way that significantly reduces security
This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...
CGGMP21 presignatures can be used in the way that significantly reduces security
This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...
TencentOS Server 4: poppler (TSSA-2025:0636)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0636 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
OESA-2025-2522 poppler security update
is a PDF rendering library. Security Fixes: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.CVE-2025-43903...
OESA-2025-2521 poppler security update
is a PDF rendering library. Security Fixes: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.CVE-2025-43903...
JLSEC-2025-92 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information fr...
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...