Authentication Bypass

robrichards/xmlseclibs is vulnerable to authentication bypass. The vulnerability is due to improper handling in the libxml2 canonicalization process where invalid XML inputs may return an empty string, which allows an attacker to bypass authentication by manipulating the DigestValue computation...

CVE-2025-66578

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

PT-2025-49776

Name of the Vulnerable Software and Affected Versions xmlseclibs versions prior to 3.1.4 Description xmlseclibs is a PHP library used for XML Encryption and Signatures. Versions of the library before 3.1.4 contain a flaw in the libxml2 canonicalization process during document transformation that...

xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment

Impact An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature...

OPENSUSE-SU-2024:0244-1 Security update for apptainer

This update for apptainer fixes the following issues: - Make sure, digest values handled by the Go library github.com/opencontainers/go-digest and used throughout the Go-implemented containers ecosystem are always validated. This prevents attackers from triggering unexpected authenticated registr...