148 matches found
EUVD-2023-2883
Malicious code in bioql PyPI...
EUVD-2023-2944
Malicious code in bioql PyPI...
EUVD-2025-16666
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-48994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared...
Algorithm Confusion
signxml is vulnerable to an Algorithm Confusion. The vulnerability is due to Improper enforcement of signature algorithm restrictions are not properly enforced when hmackey is set and requirex509 is disabled, allowing an attacker to bypass verification by using a different signing algorithm inste...
SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...
GHSA-6VX8-PCWV-XHF4 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...
CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
DEBIAN-CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
UBUNTU-CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML (Python) prior to 4.0.4 is vulnerable to an algorithm confusion attack when verifying signatures with require_x509=False and hmac_key is set, allowing an attacker to forge a signature under a different algorithm if the expected signature algorithms are not restricted (verify(expect_config...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
PT-2025-23537 · Signxml · Signxml
Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4 Description: The issue concerns a potential algorithm confusion attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow an attacker to supply a...
CVE-2024-54150
cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...
Linux Distros Unpatched Vulnerability : CVE-2024-33663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. CVE-2024-33663 Note that...
CVE-2024-54150
cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...
CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt
cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...