
5304 matches found

Cvelist
added 2025/10/01 12:0 a.m., 8 views

CVE-2025-59685

Kazaar 1.25.12 allows a JWT with none in the alg field...

EPSS 0.00304
Exploits 0, References 2
Packet Storm News
added 2025/10/01 12:0 a.m., 3 views

American Fuzzy Lop plus plus 4.34c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

AI score 6.9
Exploits 0
CVE
added 2025/10/01 12:0 a.m., 13 views

CVE-2025-59685

CVE-2025-59685 affects Kazaar 1.25.12, where a JSON Web Token (JWT) with alg: none can be accepted, potentially enabling authentication bypass. The NVD entry lists CVSSv3.1 base score 5.3 (Medium) with network attack vector, low attack complexity, no privileges required, and no user interaction. ...

CVSS 5.3, AI score 6.5, EPSS 0.00304
Exploits 0, References 2
Positive Technologies
added 2025/10/01 12:0 a.m., 2 views

PT-2025-40098

Name of the Vulnerable Software and Affected Versions: Linux Kernel, affected versions not specified. Description: The Linux kernel contains an issue within the erofs filesystem related to encoded extents. The algorithm sanity checks do not correctly apply to new encoded extents, leading to...

CVSS 5.5, AI score 6.3, EPSS 0.00116
Exploits 0, References 16
Tenable Nessus
added 2025/10/01 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-9231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM...

CVSS 6.5, AI score 7.5, EPSS 0.02267
Exploits 0, References 2
Positive Technologies
added 2025/10/01 12:0 a.m., 5 views

PT-2025-40251

Name of the Vulnerable Software and Affected Versions: Kazaar version 1.25.12. Description: The software allows a JSON Web Token (JWT) with 'none' specified in the 'alg' field. This can potentially compromise the integrity of the authentication process. Recommendations: At the moment, there is no...

AI score 6.6, EPSS 0.00304
Exploits 0, References 5
OpenVAS
added 2025/10/01 12:0 a.m., 4 views

OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Linux

OpenSSL is prone to a timing side-channel vulnerability in SM2 algorithm on 64 bit ARM.

CVSS 6.5, AI score 6.9, EPSS 0.02267
Exploits 0, References 2
OpenVAS
added 2025/10/01 12:0 a.m., 5 views

OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Windows

OpenSSL is prone to a timing side-channel vulnerability in SM2 algorithm on 64 bit ARM.

CVSS 6.5, AI score 6.9, EPSS 0.02267
Exploits 0, References 2
OSV
added 2025/09/30 2:15 p.m., 3 views

CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

CVSS 6.5, AI score 6.7
Exploits 0, References 6
OSV
added 2025/09/30 2:15 p.m., 4 views

ALPINE-CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

CVSS 6.5, AI score 6.7, EPSS 0.02267
Exploits 0, References 1
Cvelist
added 2025/09/30 1:17 p.m., 13 views

CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

EPSS 0.02267
Exploits 0, References 5
CVE
added 2025/09/30 1:17 p.m., 27 views

CVE-2025-9231

CVE-2025-9231 describes a timing side-channel in OpenSSL’s SM2 implementation on 64-bit ARM, which could allow remote recovery of the private key under a custom provider scenario. OpenSSL TLS with SM2 certificates is not common, but the issue is considered Moderate. Connected advisories show affe...

CVSS 6.5, AI score 6.3, EPSS 0.02267
Exploits 0, References 10
Debian CVE
added 2025/09/30 1:17 p.m., 4 views

CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

CVSS 6.5, AI score 7, EPSS 0.02267
Exploits 0
Vulnrichment
added 2025/09/30 1:17 p.m., 2 views

CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

AI score 6.3, EPSS 0.02267
Exploits 0, References 5
CNNVD
added 2025/09/30 12:0 a.m., 1 views

OpenSSL Security Vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 6.5, AI score 7.5, EPSS 0.02267
Exploits 0, References 6
OSV
added 2025/09/30 12:0 a.m., 4 views

UBUNTU-CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

CVSS 6.5, AI score 6.6, EPSS 0.02267
Exploits 0, References 3
Positive Technologies
added 2025/09/30 12:0 a.m., 3 views

PT-2025-39987

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.5.4; OpenSSL versions prior to 3.4.3; OpenSSL versions prior to 3.3.5; OpenSSL versions prior to 3.2.6. Description: A timing side-channel exists in the SM2 algorithm implementation on 64-bit ARM platforms, potentially...

CVSS 7.5, AI score 7.2, EPSS 0.02267
Exploits 0, References 54
NVD
added 2025/09/26 11:15 p.m., 4 views

CVE-2025-59934

Formbricks is an open source Qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path...

CVSS 9.4, EPSS 0.08037
Exploits 1, References 4
OSV
added 2025/09/26 11:3 p.m., 2 views

CVE-2025-59934 Formbricks missing JWT signature verification

Formbricks is an open source Qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path...

CVSS 9.4, AI score 7, EPSS 0.08037
Exploits 1, References 6
Positive Technologies
added 2025/09/26 12:0 a.m., 2 views

PT-2025-39695

Name of the Vulnerable Software and Affected Versions: Formbricks versions prior to 4.0.1. Description: Formbricks, an open source Qualtrics alternative, is affected by a missing JWT signature verification issue. The token validation routine only decodes JWTs without verifying their signatures,...

CVSS 9.4, AI score 6.6, EPSS 0.08037
Exploits 1, References 24