10 matches found
CVE-2025-29774 vulnerabilities
Vulnerabilities for packages: sqlpad...
CVE-2025-29774 vulnerabilities
Vulnerabilities for packages: sqlpad...
CVE-2025-29774
creationtimestamp| type| source ---|---|--- 2025-03-14 18:40:25+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lkeb4sgac42p 2025-03-14 19:00:48+00:00| published-proof-of-concept| Telegram/pRPgTuKpNgH7y7yHOR5VIq4CCObEljNgHBGQunGS6T0fn0Q 2025-03-14 19:13:10+00:00| seen|...
CVE-2025-29774
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...
@boxyhq/saml-jackson (>=1.11.2 <=1.40.2), @boxyhq/saml20 (>=1.2.4 <=1.8.0) +8 more potentially affected by CVE-2025-29774 via xml-crypto (>=4.1.0 <=6.0.0)
xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =1.0.0, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...
@boxyhq/saml-jackson (>=1.3.2 <=1.11.1), @boxyhq/saml20 (>=1.0.11 <=1.2.3) +4 more potentially affected by CVE-2025-29774 via xml-crypto (>=3.0.0 <=3.2.0)
xml-crypto NPM version =3.0.0, =1.3.2, =1.0.11, =1.13.3, =1.13.5, =2.1.0, =1.0.0, =1.0.1 Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...
@13w/soap (=0.26.0), @3wks/gae-node-nestjs (>=0.1.0 <=6.0.0-rc.0) +845 more potentially affected by CVE-2025-29774 via xml-crypto (>=0.0.10 <=2.1.5)
xml-crypto NPM version =0.0.10, =0.1.0, =1.0.4, =0.34.1, =0.34.0, =0.0.1, =0.6.1, =0.1.1, =0.16.9, =0.7.1, =1.0.0, =1.0.0, =0.1.1, =0.1.7 - @amazon-spider-tools/exchange-rate =0.1.0 and more Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...
CVE-2025-29774 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...
CVE-2025-29774
CVE-2025-29774 concerns the xml-crypto Node.js library. The issue allows an attacker to modify a valid signed XML message such that signature verification still passes, enabling bypass of authentication/authorization in systems that rely on xml-crypto for verifying signed XML. Affected versions a...
CVE-2025-29774 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...