AppleSEPKeyStore Stress Tester / Fuzzer

This code is not a fully functional exploit, but rather a concurrency stress test and race-condition trigger targeting the Apple Secure Enclave key management driver AppleSEPKeyStore...

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

GHSA-VM9R-H74P-HG97 jose vulnerable to untrusted JWK header key acceptance during signature verification

Impact A vulnerability in jose versions up to and including 0.3.5 could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could treat header-provided jwk as a verification candidat...

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

CVE-2026-34240

Summary : CVE-2026-34240 affects the JOSE JavaScript library. Prior to 0.3.5+1, an unauthenticated, remote attacker could forge valid JWS/JWT tokens by embedding an attacker-controlled public key in the JOSE header (jwk) and exploiting header-provided keys as verification candidates even if not p...

CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

EUVD-2026-17498

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

CVE-2026-34240 jose vulnerable to untrusted JWK header key acceptance during signature verification

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

PT-2026-29287

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

MiracleLinux 9 : nss-3.79.0-17.el9 (AXSA:2023-5231:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5231:02 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the...

IBM AIX和IBM VIOS 安全漏洞

IBM AIX and IBM VIOS are both products of the International Business Machines IBM Corporation.IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture.IBM VIOS is part of the PowerVm® Editions hardware feature set.IBM AIX is an open standards-based UNIX...

EUVD-2020-24606

Malware in sbrugna...

EUVD-2020-1477

Malware in sbrugna...

EUVD-2006-6590

Malware in sbrugna...

EUVD-2017-1358

Malware in sbrugna...

CVE-2025-9785

The CVE concerns PaperCut Print Deploy (NG/MF integration) where using self‑signed or private CA certificates, without proper trust store configuration, can allow man‑in‑the‑middle attacks between clients and the server. The documentation gap on SSL configuration is cited as a contributing factor...

CVE-2025-9785 Misconfigured certificate validation with self-signed certificates for Print Deploy

PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not...

CVE-2024-29952

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables...

CVE-2020-26234

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...