148 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2883

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00307
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-2944

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6 · EPSS 0.00687
Exploits: 1 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-16666

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.3 · EPSS 0.00192
Exploits: 0 · References: 3

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-48994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared...

CVSS 6.9 · AI score 5.8 · EPSS 0.00192
Exploits: 0 · References: 2

Veracode
added 2025/06/06 6:19 a.m. · 7 views

Algorithm Confusion

signxml is vulnerable to Algorithm Confusion. Signature algorithm restrictions are not properly enforced when hmac_key is set and require_x509 is disabled, allowing an attacker to bypass verification by using a different signing algorithm inste...

CVSS 6.9 · AI score 6.1 · EPSS 0.00192
Exploits: 0 · References: 4 · Affected Software: 1

GitHub Security Blog
added 2025/06/05 12:38 a.m. · 17 views

SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...

CVSS 6.9 · AI score 6.6 · EPSS 0.00192
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2025/06/05 12:38 a.m. · 8 views

GHSA-6VX8-PCWV-XHF4 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...

CVSS 6.9 · AI score 5.8 · EPSS 0.00192
Exploits: 0 · References: 4

NVD
added 2025/06/02 5:15 p.m. · 12 views

CVE-2025-48994

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVSS 6.9 · EPSS 0.00192
Exploits: 0 · References: 2

OSV
added 2025/06/02 5:15 p.m. · 2 views

DEBIAN-CVE-2025-48994

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVSS 6.9 · AI score 5.2 · EPSS 0.00192
Exploits: 0 · References: 1

OSV
added 2025/06/02 5:15 p.m. · 3 views

UBUNTU-CVE-2025-48994

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVSS 6.9 · AI score 5.8 · EPSS 0.00192
Exploits: 0 · References: 4

Cvelist
added 2025/06/02 4:22 p.m. · 19 views

CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVSS 6.9 · EPSS 0.00192
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/02 4:22 p.m. · 13 views

CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVSS 6.9 · AI score 6.5 · EPSS 0.00192
Exploits: 0 · References: 2

CVE
added 2025/06/02 4:22 p.m. · 72 views

CVE-2025-48994

SignXML (Python) prior to 4.0.4 is vulnerable to an algorithm confusion attack when verifying signatures with require_x509=False and hmac_key is set, allowing an attacker to forge a signature under a different algorithm if the expected signature algorithms are not restricted (verify(expect_config...

CVSS 6.9 · AI score 6.5 · EPSS 0.00192
Exploits: 0 · References: 2

OSV
added 2025/06/02 4:22 p.m. · 5 views

CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVSS 6.9 · AI score 6.5 · EPSS 0.00192
Exploits: 0 · References: 4

Positive Technologies
added 2025/06/02 12:0 a.m. · 3 views

PT-2025-23537 · Signxml · Signxml

Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4 Description: The issue concerns a potential algorithm confusion attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow an attacker to supply a...

CVSS 6.9 · AI score 6.2 · EPSS 0.00192
Exploits: 0 · References: 12

RedhatCVE
added 2025/05/23 8:12 a.m. · 11 views

CVE-2024-54150

cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

CVSS 9.1 · AI score 6.8 · EPSS 0.00384
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:44 a.m. · 8 views

CVE-2023-48238

joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

CVSS 7.5 · AI score 7 · EPSS 0.00307
Exploits: 1 · References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-33663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. (CVE-2024-33663) Note that...

CVSS 6.5 · AI score 6.9 · EPSS 0.00307
Exploits: 1 · References: 3

NVD
added 2024/12/19 7:15 p.m. · 18 views

CVE-2024-54150

cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

CVSS 9.1 · EPSS 0.00384
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/19 6:22 p.m. · 16 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

CVSS 8.7 · AI score 6.8 · EPSS 0.00384
Exploits: 0 · References: 2