14 matches found
CVE-2026-31946
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
CVE-2025-15575
The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...
CVE-2025-15575
The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...
CVE-2025-15575
The CVE-2025-15575 issue affects Solax Power Pocket WiFi. The firmware update functionality does not verify the authenticity of supplied firmware update files and lacks cryptographic checks (e.g., digital signatures). ESP32 security features such as secure boot are not used. Root cause: no authen...
PT-2026-7837
Name of the Vulnerable Software and Affected Versions: Solax Power Pocket WiFi, affected versions not specified. Description: The firmware update functionality lacks verification of the authenticity of supplied firmware update files. This allows attackers to flash malicious firmware updates onto the...
SUSE CVE-2025-12816
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
DEBIAN-CVE-2025-12816
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CVE-2025-12816
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
Interpretation Conflict
Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Interpretation Conflict via the asn1.validate function. An attacker can cause schema validation to...
PT-2025-48075
Name of the Vulnerable Software and Affected Versions: node-forge versions 1.3.1 and earlier. Description: An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data ...
CVE-2021-38396
The programmer installation utility does not perform cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB...
CVE-2021-38396
The CVE-2021-38396 issue affects Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120. The vulnerability is due to the programmer installation utility not performing cryptographic authenticity or integrity checks on software on the flash drive, enabling an attacker with physical...
PT-2021-22109 · Boston Scientific · Zoom Latitude +1
Name of the Vulnerable Software and Affected Versions: Programmer installation utility, affected versions not specified. Description: The issue arises from the programmer installation utility's failure to perform cryptographic authenticity or integrity checks on the software stored on a flash drive...
ntp: incomplete checks in ntp_crypto.c
It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially...