Lucene search
K

4 matches found

OSV
OSV
added 2026/06/26 7:11 p.m.2 views

GHSA-JFC7-64V2-MR8C @sigstore/core has DSSE payloadType type-binding failure

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.4CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.4 views

CVE-2025-40758

A vulnerability has been identified in Mendix SAML Mendix 10.12 compatible All versions V4.0.3, Mendix SAML Mendix 10.21 compatible All versions V4.1.2, Mendix SAML Mendix 9.24 compatible All versions V3.6.21. Affected versions of the module insufficiently enforce signature validation and binding...

8.7CVSS7.3AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 3:15 p.m.6 views

CVE-2025-40758

A vulnerability has been identified in Mendix SAML Mendix 10.12 compatible All versions V4.0.3, Mendix SAML Mendix 10.21 compatible All versions V4.1.2, Mendix SAML Mendix 9.24 compatible All versions V3.6.21. Affected versions of the module insufficiently enforce signature validation and binding...

8.7CVSS0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 3:6 p.m.7 views

CVE-2025-40758

A vulnerability has been identified in Mendix SAML Mendix 10.12 compatible All versions V4.0.3, Mendix SAML Mendix 10.21 compatible All versions V4.1.2, Mendix SAML Mendix 9.24 compatible All versions V3.6.21. Affected versions of the module insufficiently enforce signature validation and binding...

8.7CVSS0.00221EPSS
Exploits0References1
Rows per page
Query Builder