
1487 matches found

OpenVAS
added 2025/12/19 12:0 a.m. | 4 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2025-2547)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9 | AI score 6.7 | EPSS 0.00252
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/19 12:0 a.m. | 3 views

PT-2025-52522

Name of the Vulnerable Software and Affected Versions: Ever Gauzy version 0.281.9. Description: The software contains a JWT authentication issue due to a weak HMAC secret key implementation. This allows attackers to exploit the exposed JWT token to authenticate and gain unauthorized access,...

CVSS 9.8 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 10
RedhatCVE
added 2025/12/17 9:27 a.m. | 2 views

CVE-2013-10031

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability ...

CVSS 7.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 4
NVD
added 2025/12/16 1:15 a.m. | 4 views

CVE-2025-68113

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

CVSS 6.5 | EPSS 0.00069
Exploits: 0 | References: 10
Cvelist
added 2025/12/16 12:53 a.m. | 24 views

CVE-2025-68113 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

CVSS 6.5 | EPSS 0.00069
Exploits: 0 | References: 10
Vulnrichment
added 2025/12/16 12:53 a.m. | 2 views

CVE-2025-68113 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

CVSS 6.5 | AI score 6.3 | EPSS 0.00069
Exploits: 0 | References: 10
OSV
added 2025/12/16 12:53 a.m. | 4 views

CVE-2025-68113 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00069
Exploits: 0 | References: 12
EUVD
added 2025/12/16 12:53 a.m. | 1 view

EUVD-2025-203484

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

CVSS 6.5 | AI score 6.2 | EPSS 0.00069
Exploits: 0 | References: 11
Snyk
added 2025/12/16 12:43 a.m. | 1 view

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...

CVSS 6.9 | AI score 6.8 | EPSS 0.00069
Exploits: 0 | References: 2
CNNVD
added 2025/12/16 12:0 a.m. | 2 views

ALTCHA Data Forgery Vulnerability

ALTCHA is a self-hosted CAPTCHA software from ALTCHA Open Source. ALTCHA suffers from a Data Forgery Problem vulnerability that stems from HMAC signatures not explicitly bound to challenge parameters, which could lead to replay attacks...

CVSS 6.5 | AI score 6.4 | EPSS 0.00069
Exploits: 0 | References: 10
GitLab Advisory Database
added 2025/12/16 12:0 a.m. | 6 views

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modified...

CVSS 6.5 | AI score 6.8 | EPSS 0.00069
Exploits: 0 | References: 14 | Affected Software: 1
RubySec
added 2025/12/16 12:0 a.m. | 4 views

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Impact: A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...

CVSS 6.5 | AI score 6.6 | EPSS 0.00069
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/12/15 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: krb5 (UTSA-2025-991244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991244 advisory. A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If...

CVSS 5.9 | AI score 6.8 | EPSS 0.00252
Exploits: 0 | References: 4
Snyk
added 2025/12/12 8:15 p.m. | 1 view

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the EOTS manager endpoints when these endpoints are accessible to the public without HMAC protection. An attacker can trigger unauthorized actions by sending crafted requests to the exposed RPC endpoints...

CVSS 8.7 | AI score 6.8
Exploits: 0 | References: 2
OSV
added 2025/12/12 8:15 p.m. | 1 view

GHSA-4JMP-X7MH-RGMR Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration

Summary: The anti-slashing is not effective if the attacker can access EOTS manager endpoints. Impact: If the EOTS manager endpoints are open to the public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints. Report credits go to:...

CVSS 8.7 | AI score 5.6
Exploits: 0 | References: 3
OSV
added 2025/12/12 4:15 p.m. | 3 views

CVE-2025-53960

When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

CVSS 5.9 | AI score 6.9
Exploits: 0 | References: 2
GithubExploit
added 2025/12/11 5:57 p.m. | 177 views

Network-Vuln

🔍 Network Vulnerability Scanner...

AI score 7.1
Exploits: 0
EUVD
added 2025/12/09 3:31 a.m. | 3 views

EUVD-2013-7289

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

AI score 6.3 | EPSS 0.00042
Exploits: 0 | References: 2
NVD
added 2025/12/09 1:16 a.m. | 2 views

CVE-2013-10031

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

CVSS 7.5 | EPSS 0.00042
Exploits: 0 | References: 1
OSV
added 2025/12/09 1:16 a.m. | 3 views

DEBIAN-CVE-2013-10031

Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...

CVSS 7.5 | AI score 5.2 | EPSS 0.00042
Exploits: 0 | References: 1