2 matches found
CVE-2026-4603
A flaw was found in jsrsasign. An attacker can exploit a division by zero vulnerability by supplying a specially crafted JSON Web Key JWK whose modulus decodes to zero. This vulnerability can force RSA public-key operations, such as verification and encryption, to produce deterministic zero...
CVE-2026-4600
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...