Lucene search
+L

5 matches found

nessus
nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-48994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared...

6.9CVSS6.1AI score0.00192EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/06/04 5:14 p.m.14 views

CVE-2025-48994

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

6.9CVSS7.1AI score0.00192EPSS
Exploits0References1
circl
circl
added 2025/06/02 5:4 p.m.10 views

CVE-2025-48994

creationtimestamp| type| source ---|---|--- 2025-06-02 17:04:09+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqnaxexf24s2...

6.9CVSS7AI score0.00192EPSS
Exploits0References1
cvelist
cvelist
added 2025/06/02 4:22 p.m.21 views

CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

6.9CVSS0.00192EPSS
Exploits0References2
cve
cve
added 2025/06/02 4:22 p.m.75 views

CVE-2025-48994

SignXML (Python) prior to 4.0.4 is vulnerable to an algorithm confusion attack when verifying signatures with require_x509=False and hmac_key is set, allowing an attacker to forge a signature under a different algorithm if the expected signature algorithms are not restricted (verify(expect_config...

6.9CVSS6.5AI score0.00192EPSS
Exploits0References2
Rows per page
Query Builder