Lucene search
K

37 matches found

osv
osv
added 2025/05/13 5:16 p.m.5 views

UBUNTU-CVE-2025-3757

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.8CVSS5.8AI score0.00355EPSS
Exploits0References4
snyk
snyk
added 2025/05/13 4:44 p.m.1 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to the improper handling of JWS signature verification. An attacker can bypass security checks and authenticate using a specially crafted JWS without valid credentials. Note: CVE-2025-4658 i...

10CVSS6.9AI score0.00355EPSS
Exploits0References2
snyk
snyk
added 2025/05/13 4:44 p.m.1 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to the improper handling of JWS signature verification. An attacker can gain unauthorized access by submitting a specially crafted JWS that bypasses the signature check. This is only...

10CVSS7AI score0.00295EPSS
Exploits0References2
cvelist
cvelist
added 2025/05/13 4:33 p.m.19 views

CVE-2025-4658 Authentication Bypass in OPKSSH

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and...

9.3CVSS0.00295EPSS
Exploits0References1
osv
osv
added 2025/05/13 4:33 p.m.6 views

CVE-2025-4658 Authentication Bypass in OPKSSH

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and...

9.3CVSS7.2AI score0.00295EPSS
Exploits0References3
cve
cve
added 2025/05/13 4:33 p.m.58 views

CVE-2025-4658

CVE-2025-4658 affects the OpenPubkey library prior to 0.10.0, which allows a specially crafted JWS to bypass signature verification. Because OPKSSH relies on OpenPubkey for authentication, OPKSSH versions prior to 0.5.0 are also vulnerable and could bypass authentication. Public references in OSV...

9.8CVSS6.9AI score0.00295EPSS
Exploits0References1Affected Software2
vulnrichment
vulnrichment
added 2025/05/13 4:33 p.m.9 views

CVE-2025-4658 Authentication Bypass in OPKSSH

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and...

9.3CVSS6.5AI score0.00295EPSS
Exploits0References1
debiancve
debiancve
added 2025/05/13 4:33 p.m.9 views

CVE-2025-4658

Removed by vendor...

9.8CVSS9.2AI score0.00295EPSS
Exploits0
osv
osv
added 2025/05/13 4:33 p.m.7 views

CVE-2025-3757 Authentication Bypass in OpenPubKey

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.3CVSS6AI score0.00355EPSS
Exploits0References3
cvelist
cvelist
added 2025/05/13 4:33 p.m.26 views

CVE-2025-3757 Authentication Bypass in OpenPubKey

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.3CVSS0.00355EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/05/13 4:33 p.m.8 views

CVE-2025-3757 Authentication Bypass in OpenPubKey

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.3CVSS6.5AI score0.00355EPSS
Exploits0References1
cve
cve
added 2025/05/13 4:33 p.m.59 views

CVE-2025-3757

OpenPubkey library, versions prior to 0.10.0, contain a vulnerability that allows a specially crafted JWS to bypass signature verification. This is documented across multiple connected sources (e.g., OSV/GHSA entries) and is the root cause described by CVE-2025-3757. Impact is high for confidenti...

9.8CVSS6.9AI score0.00355EPSS
Exploits0References1Affected Software1
debiancve
debiancve
added 2025/05/13 4:33 p.m.11 views

CVE-2025-3757

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.8CVSS8.4AI score0.00355EPSS
Exploits0
cnnvd
cnnvd
added 2025/05/13 12:0 a.m.6 views

OpenPubkey 安全漏洞

OpenPubkey is an OpenPubkey reference implementation of OpenPubkey open source. A security vulnerability exists in OpenPubkey versions prior to 0.10.0 and OPKSSH versions prior to 0.5.0, which stems from a specially crafted JWS that can bypass signature verification and may result in bypassing...

9.8CVSS9AI score0.00295EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/05/13 12:0 a.m.6 views

PT-2025-20928 · Unknown +1 · Openpubkey +1

Name of the Vulnerable Software and Affected Versions: OpenPubkey library versions prior to 0.10.0 OPKSSH versions prior to 0.5.0 Description: The issue allows a specially crafted JWS to bypass signature verification. This affects OPKSSH as it depends on the OpenPubkey library for authentication,...

9.8CVSS7.3AI score0.00858EPSS
Exploits4References23
ptsecurity
ptsecurity
added 2025/05/13 12:0 a.m.2 views

PT-2025-20927 · Unknown · Openpubkey

Name of the Vulnerable Software and Affected Versions: OpenPubkey versions prior to 0.10.0 Description: The issue allows a specially crafted JWS to bypass signature verification. Recommendations: For versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary...

9.8CVSS8.1AI score0.00858EPSS
Exploits4References24
cnnvd
cnnvd
added 2025/05/13 12:0 a.m.4 views

OpenPubkey 安全漏洞

OpenPubkey is an OpenPubkey reference implementation of OpenPubkey open source. A security vulnerability exists in OpenPubkey versions prior to 0.10.0, which stems from a specially crafted JWS that can bypass signature verification...

9.8CVSS9AI score0.00355EPSS
Exploits0References1
Rows per page
Query Builder