11 matches found
PT-2026-47830
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism, allowing certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...
WordPress plugin Subscribe To Comments Reloaded Information Disclosure Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2026-23965
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...
CVE-2026-23965
CVE-2026-23965 affects the JavaScript library sm-crypto, which implements SM2/SM3/SM4. The issue lies in the SM2 signature verification logic in versions prior to 0.4.0. Under default configurations, an attacker can forge valid signatures for arbitrary public keys, enabling signature forgery. If ...
CVE-2024-7516
CVE-2024-7516 affects Brocade Fabric OS versions before 9.2.2. The vulnerability arises from the ability to forge SSH keys during remote operations initiated by a switch admin, enabling man-in-the-middle remote service session hijacking. Impact is described as high for confidentiality, integrity,...
Brocade Fabric OS Encryption Issues Vulnerabilities
Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. A security vulnerability exists in Brocade Fabric OS (FOS) that stems from allowing the installation of forged or fraudulent license keys...
FortiNAC - Stored XSS triggering RCE via license key forgery
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability (CWE-79) in FortiNAC License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses...
Mozilla Thunderbird Data Forgery Vulnerability
Mozilla Thunderbird is an e-mail client from the Mozilla Foundation (United States), independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. Mozilla Thunderbird has a security vulnerability that allows an attacker to create a...
CVE-2014-5351
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access...
Ruby OpenSSL CA private key forgery vulnerability - vulnerability warning - the black bar safety net
The Ruby OpenSSL CA private key forgery vulnerability require 'rubygems' require 'openssl' require 'digest/md5' key = OpenSSL::PKey::RSA.new(2048) cipher = OpenSSL::Cipher::AES.new(256, :CBC) ctx = OpenSSL::SSL::SSLContext.new puts "Spoof must be in DER format and saved as root.cer" raw =...