Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/08/10 12:15 a.m.7 views

CVE-2025-54887

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...

9.1CVSS6.8AI score0.00231EPSS
Exploits1References1
OSV
OSV
added 2025/08/07 8:55 p.m.10 views

GHSA-C7P4-HX26-PR73 JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

9.1CVSS6.4AI score0.00231EPSS
Exploits1References5
OSV
OSV
added 2025/05/05 9:17 p.m.3 views

MAL-2025-3927 Malicious code in world-id-discord (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17c2aa40d0cfe3dd971a7de35ba8d570a70d3b34f516dd5d69eff3bd7309bf96 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References3
OSV
OSV
added 2025/03/14 1:4 a.m.7 views

MAL-2025-2359 Malicious code in aiven-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7ef5fbee116dc7c6a033971fa455298110b289026b14470eb6120ae7aa06467 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2025/03/11 11:19 p.m.4 views

MAL-2025-2270 Malicious code in prop2json (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba3f95e1ff84041bd744e219bdd29d520207636ad498e6d7609a6717aac068d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/02/07 6:0 a.m.1 views

MAL-2025-1248 Malicious code in internallib_v185 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8939bc2acda7e18713b6ff48ec41b70f18201a851beeabecd0e544cfe80430c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2022/11/22 11:7 a.m.12 views

MAL-2022-2292 Malicious code in cvs-codestyle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3da5af16e19bb4b158ddf6bab94fe69208f359c22aa8538d55e4fa3e4ea41e2e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder