3 matches found
CVE-2026-34240
JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...
The vulnerability of the OpenSSH ECDSA Key Handler component in JavaScript-based object signing and encryption technologies allows a malicious actor to gain unauthorized access to OpenSSH ECDSA public keys.
The vulnerability of the OpenSSH ECDSA Key Handler component in JavaScript-based object signing and encryption technologies is related to the determination of the blacklist of prefixes for public keys. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
CVE-2011-2993
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges vi...