Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2025/06/05 12:37 a.m.8 views

alertwise (=1.0.0), aos-signer (>=0.0.6 <=1.8.0b9) +15 more potentially affected by CVE-2025-48995 via signxml (>=2.10.1 <=4.0.2)

signxml PYPI version =2.10.1, =0.0.6, =0.5.1, =1.0.0, =0.5.1, =1.1.0, =0.1.0, =1.4.0, =2.0.0, =1.0.0, =0.5.3, =0.5.27, =1.5.3, =1.6.3 and more Source cves: CVE-2025-48995 Source advisory: OSV:GHSA-GMHF-GG8W-JW42...

6.9CVSS5.8AI score0.00199EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/02 5:41 p.m.6 views

alertwise (=1.0.0) potentially affected by CVE-2025-48995 via signxml (=4.0.2)

signxml PYPI version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on signxml and may be impacted: - alertwise =1.0.0 Source cves: CVE-2025-48995 Source advisory: SNYK:PYTHON-SIGNXML-10303872...

6.9CVSS5.8AI score0.00199EPSS
Exploits0
NVD
NVD
added 2025/06/02 5:15 p.m.12 views

CVE-2025-48995

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

6.9CVSS0.00199EPSS
Exploits0References2
Circl
Circl
added 2025/06/02 5:4 p.m.18 views

CVE-2025-48995

creationtimestamp| type| source ---|---|--- 2025-06-02 17:04:06+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqnawo6y44y2...

6.9CVSS7AI score0.00199EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/06/02 4:23 p.m.9 views

CVE-2025-48995

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

6.9CVSS5.2AI score0.00199EPSS
Exploits0
CVE
CVE
added 2025/06/02 4:23 p.m.63 views

CVE-2025-48995

CVE-2025-48995 affects SignXML (Python implementation of W3C XML Signature) prior to 4.0.4. When verify() is called with require_x509=False and an HMAC secret (hmac_key=...), the timing-based vulnerability may leak information about the correct HMAC during the comparison, enabling reconstruction ...

6.9CVSS6.2AI score0.00199EPSS
Exploits0References2
Rows per page
Query Builder