5 matches found
EUVD-2025-15798
Malicious code in bioql PyPI...
EUVD-2022-5003
Malicious code in bioql PyPI...
Improper Verification Of Cryptographic Signature
OpenPGP.js is vulnerable to Signature Spoofing. The vulnerability is due to improper signature verification due to functions openpgp.verify and openpgp.decrypt returning valid signature results on tampered data in inline-signed or signed-and-encrypted messages...
OpenPGP.js's message signature verification can be spoofed
Impact A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...
PT-2025-22082 · Unknown · Openpgp.Js
Name of the Vulnerable Software and Affected Versions: OpenPGP.js versions 5.0.1 through 5.11.2 OpenPGP.js versions 6.0.0 through 6.1.0 Description: A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature...