
19 matches found

EUVD
added 2026/05/28 9:34 p.m. · 10 views

EUVD-2026-33073

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

7.3 CVSS · 5.8 AI score · 0.00295 EPSS
Exploits: 0 · References: 5

OSV
added 2026/04/09 9:32 p.m. · 3 views

JLSEC-2026-69

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys...

5.5 CVSS · 7.1 AI score · 0.00426 EPSS
Exploits: 0 · References: 14

Packet Storm News
added 2026/03/11 12:0 a.m. · 1 views

Advanced Python Payload Encryption Framework with Hybrid Cryptography Steganography and Anti‑Debugging

This Python program implements an advanced payload protection framework that combines multiple security and obfuscation techniques to encrypt, package, and distribute Python code. The framework supports hybrid encryption, multi‑key protection, anti‑debugging checks, and optional steganographic...

5.9 AI score
Exploits: 0

Packet Storm News
added 2026/01/24 12:0 a.m. · 3 views

On the Impossibility of Simulation Security for Quantum Functional Encryption

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE simulation security has been shown to be impossible in the classical setting, those impossibility results...

5.8 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-25793

Malicious code in bioql PyPI...

7.1 CVSS · 7 AI score · 0.00104 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:11 a.m. · 4 views

CVE-2023-21626

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key...

7.1 CVSS · 7.2 AI score · 0.00104 EPSS
Exploits: 0 · References: 1

Amazon
added 2025/02/04 12:0 a.m. · 3 views

Important: containerd

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1 CVSS · 6.8 AI score · 0.03092 EPSS
Exploits: 2

OSV
added 2024/12/12 2:2 a.m. · 5 views

AZL-54353 CVE-2024-45337 affecting package cri-o 1.30.1-1

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

9.1 CVSS · 6.8 AI score · 0.03092 EPSS
Exploits: 2 · References: 1

OSSF Malicious Packages
added 2024/09/27 12:42 a.m. · 7 views

Malicious code in multiple-keys (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da4233e3b39779d62d23e578c4ceb25ff5a78a6f0285b709b91ef0cf36ed7d7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2024/09/27 12:42 a.m. · 6 views

MAL-2024-9013 Malicious code in multiple-keys (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da4233e3b39779d62d23e578c4ceb25ff5a78a6f0285b709b91ef0cf36ed7d7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

OSV
added 2023/12/18 7:15 p.m. · 3 views

ALPINE-CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys...

5.5 CVSS · 7 AI score · 0.00426 EPSS
Exploits: 0 · References: 1

Snyk
added 2023/12/18 12:0 a.m. · 2 views

Missing Critical Step in Authentication

Overview Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to improper enforcement of security constraints on PKCS11-hosted private keys. An attacker can bypass intended security restrictions by exploiting the issue where only the first key is...

5.5 CVSS · 6.8 AI score · 0.00426 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/08/08 12:0 a.m. · 3 views

PT-2023-18289 · Hlos · Hlos

Name of the Vulnerable Software and Affected Versions: HLOS affected versions not specified Description: The issue is related to a cryptographic problem in HLOS due to improper authentication during key velocity checks when using more than one key. Recommendations: At the moment, there is no...

7.1 CVSS · 7.1 AI score · 0.00104 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:37 a.m. · 18 views

SUSE CVE-2013-3704

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

4.3 CVSS · 6.9 AI score · 0.01533 EPSS
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 3:27 a.m. · 1 views

SUSE CVE-2022-24812

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

8.8 CVSS · 9.3 AI score · 0.02245 EPSS
Exploits: 0 · References: 3

Grafana
added 2022/04/12 12:0 a.m. · 7 views

Grafana fine-grained access control API Key privilege escalation

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

8.8 CVSS · 7.3 AI score · 0.02245 EPSS
Exploits: 0

ATTACKERKB
added 2022/03/29 7:15 a.m. · 8 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1 CVSS · 7.7 AI score · 0.00777 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2022/03/29 12:0 a.m. · 5 views

PT-2022-12914 · Firebase +1 · Firebase Php-Jwt +1

Name of the Vulnerable Software and Affected Versions: Firebase PHP-JWT versions prior to 6.0.0 Description: The issue is related to an algorithm-confusion problem, where an attacker can forge tokens that validate under the incorrect key when multiple types of keys are loaded in a key ring. This...

9.8 CVSS · 6.9 AI score · 0.25573 EPSS
Exploits: 11 · References: 65

0day.today
added 2019/05/05 12:0 a.m. · 35 views

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)

Title: Linux/x86 - Multiple keys XOR Encoder / Decoder execve/bin/sh Shellcode 59 bytes Author: Xavi Beltran Date: 05/05/2019 Contact: email protected Purpose: spawn /bin/sh shell Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 59 bytes sh.nasm global start section .text start: xor eax, eax pu...

7.4 AI score
Exploits: 0