Lucene search
K

10 matches found

Wolfi
Wolfi
added 2025/03/17 10:43 p.m.18 views

CVE-2025-29774 vulnerabilities

Vulnerabilities for packages: sqlpad...

9.3CVSS7.2AI score0.0905EPSS
Exploits0
Chainguard
Chainguard
added 2025/03/17 10:12 p.m.15 views

CVE-2025-29774 vulnerabilities

Vulnerabilities for packages: sqlpad...

9.3CVSS7.2AI score0.0905EPSS
Exploits0
Circl
Circl
added 2025/03/14 6:40 p.m.8 views

CVE-2025-29774

creationtimestamp| type| source ---|---|--- 2025-03-14 18:40:25+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lkeb4sgac42p 2025-03-14 19:00:48+00:00| published-proof-of-concept| Telegram/pRPgTuKpNgH7y7yHOR5VIq4CCObEljNgHBGQunGS6T0fn0Q 2025-03-14 19:13:10+00:00| seen|...

9.3CVSS8.5AI score0.0905EPSS
Exploits0References9
NVD
NVD
added 2025/03/14 5:15 p.m.11 views

CVE-2025-29774

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...

9.3CVSS0.0905EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2025/03/14 5:14 p.m.8 views

@boxyhq/saml-jackson (>=1.11.2 <=1.40.2), @boxyhq/saml20 (>=1.2.4 <=1.8.0) +8 more potentially affected by CVE-2025-29774 via xml-crypto (>=4.1.0 <=6.0.0)

xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =1.0.0, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...

9.3CVSS7.2AI score0.0905EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/14 5:14 p.m.7 views

@boxyhq/saml-jackson (>=1.3.2 <=1.11.1), @boxyhq/saml20 (>=1.0.11 <=1.2.3) +4 more potentially affected by CVE-2025-29774 via xml-crypto (>=3.0.0 <=3.2.0)

xml-crypto NPM version =3.0.0, =1.3.2, =1.0.11, =1.13.3, =1.13.5, =2.1.0, =1.0.0, =1.0.1 Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...

9.3CVSS7.2AI score0.0905EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/14 5:14 p.m.8 views

@13w/soap (=0.26.0), @3wks/gae-node-nestjs (>=0.1.0 <=6.0.0-rc.0) +845 more potentially affected by CVE-2025-29774 via xml-crypto (>=0.0.10 <=2.1.5)

xml-crypto NPM version =0.0.10, =0.1.0, =1.0.4, =0.34.1, =0.34.0, =0.0.1, =0.6.1, =0.1.1, =0.16.9, =0.7.1, =1.0.0, =1.0.0, =0.1.1, =0.1.7 - @amazon-spider-tools/exchange-rate =0.1.0 and more Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...

9.3CVSS7.2AI score0.0905EPSS
Exploits0
Cvelist
Cvelist
added 2025/03/14 5:5 p.m.17 views

CVE-2025-29774 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...

9.3CVSS0.0905EPSS
Exploits0References7
CVE
CVE
added 2025/03/14 5:5 p.m.2071 views

CVE-2025-29774

CVE-2025-29774 concerns the xml-crypto Node.js library. The issue allows an attacker to modify a valid signed XML message such that signature verification still passes, enabling bypass of authentication/authorization in systems that rely on xml-crypto for verifying signed XML. Affected versions a...

9.3CVSS6.9AI score0.0905EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/03/14 5:5 p.m.12 views

CVE-2025-29774 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...

9.3CVSS7AI score0.0905EPSS
Exploits0References7
Rows per page
Query Builder