27 matches found
EUVD-2026-17245
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wpdebugtroubleshootsimulateuser cookie value directly as a user ID without any cryptographic validation or...
GHSA-W8Q8-93CX-6H7R jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...
GHSA-M344-F55W-2M6J Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
Executive Summary: A critical library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic verifyhash responsible for validating the at_hash (Access Token Hash) and c_hash...
CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...
CVE-2026-30791
CVE-2026-30791 affects RustDesk Client up to version 1.4.5 across Windows, macOS, Linux, iOS, Android, and WebClient. The issue stems from use of a broken or risky cryptographic algorithm in config import, URI scheme handler, and CLI --config modules, enabling retrieval of embedded sensitive data...
CVE-2026-30791 RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...
Multiple Fortinet products: data forgery vulnerability
Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiProxy is a secure network proxy that protects employees from network attacks by combining a variety of detection technologie...
CVE-2025-54549
Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO...
EUVD-2025-36882
Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO...
CVE-2025-54549 Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO
Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO...
CVE-2025-54549
CVE-2025-54549 affects Arista DANZ Monitoring Fabric, Converged Cloud Fabric, CloudVision Appliance, and Multi-Cloud Director; issue is bypass of cryptographic validation of upgrade images via a crafted upgrade ISO. Arista Fixed versions: DMF 8.7.1+ (and 8.6.2+/8.5.3+/8.4.6+), CCF 6.2.5+, CVA 7.1...
CVE-2025-54549 Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO
Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO...
PT-2025-44364
Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-54549. Description: The cryptographic validation of upgrade images can be bypassed by placing a specially crafted file within the upgrade ISO. Recommendations: At the moment, there is no information about a newer version th...
EUVD-2017-12324
Malware in sbrugna...
EUVD-2022-32816
Malicious code in bioql PyPI...
CVE-2022-28370
On Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 devices, the RPC endpoint crtcfwupgrade provides a means of provisioning a firmware update for the device. /lib/functions/wncjsonsh/wnccrtcfw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed...
LibreOffice security vulnerability
LibreOffice is an open source office software suite from The Document Foundation. A security vulnerability exists in LibreOffice version 24.8 up to and including version 24.8.6 and version 25.2 up to and including version 25.2.2, which stems from improper cryptographic signature validation and...
CVE-2023-23342 HCL Nomad for web is affected by cryptographic validation of local data access that can be circumvented
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented...
CVE-2023-23342 HCL Nomad for web is affected by cryptographic validation of local data access that can be circumvented
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented...
Multiple Dell products: data forgery vulnerability
Dell Command Update and Dell Update and Alienware Update are both products of Dell, Inc. Dell Command Update is a tool used to automatically update drivers, BIOS, and firmware in Dell products. Dell Update and Alienware Update is an update application. A security vulnerability exists in Dell...